Researchers have unveiled the first practical collision attack against the 22-year-old cryptographic hash function SHA-1. While long expected, news of the attack, dubbed ‘SHAttered,’ should add urgency to sunsetting the maligned algorithm. Lamar Bailey, Sr. Director, Security R&D at Tripwire, commented below.
Lamar Bailey, Sr. Director, Security R&D at Tripwire:
“Cryptographic algorithms have a half-life similar to radioactive isotopes. The factors that play into determining the half-life are the processing power needed to find collisions that break the algorithm along with the costs to obtain the processing power. When both of these factors are in the realm of possibility of a well-funded bad actor that expends the resources for a high priority target, the algorithm can be broken. Once these conditions are met, it is time to have a plan to replace the algorithm in any and all highly secure applications and have a plan for removal in lower importance uses. Companies should have a plan to retire this algorithm as soon as reasonably possible and no later than the end of the year.”