Tag: sha-1

Why the SHA-1 collision means you should stop using the algorithm

Unexpected though it may have been, the SHA-1 collision found by researchers at CWI Amsterdam and Google earlier this year is one of the biggest security stories of 2017 thus far. Now, stories about breaking cryptographic protocols tend to attract a disproportionate amount of media attention compared to the likelihood of them ever being exploited…

March 10, 2017
Why the SHA-1 collision means you should stop using the algorithm

Unexpected though it may have been, the SHA-1 collision found by researchers at CWI Amsterdam and Google earlier this year is one of the biggest security stories of 2017 thus far. Now, stories about breaking cryptographic protocols tend to attract a disproportionate amount of media attention compared to the likelihood of them ever being exploited…

March 10, 2017
The SHA-1 hashing algorithm has been ‘shattered’

Researchers from Google and CWI Amsterdam have created the first publicly known SHA-1 collision. SHA-1 is a hashing algorithm: it turns data of arbitrary size (such as a string of text, or a file) into a fixed-length string, with a number of cryptographic properties . Hash functions are ubiquitous in IT in general and security in…

February 23, 2017
The SHA-1 hashing algorithm has been ‘shattered’

Researchers from Google and CWI Amsterdam have created the first publicly known SHA-1 collision. SHA-1 is a hashing algorithm: it turns data of arbitrary size (such as a string of text, or a file) into a fixed-length string, with a number of cryptographic properties . Hash functions are ubiquitous in IT in general and security in…

February 23, 2017
It’s 2016. Can we stop using MD5 in malware analyses?

When a security researcher comes across a new piece of malware, the first thing he (or she) does is check the file hash to see if it has been seen, or maybe even analysed, before. For that reason, if the researcher does end up writing an analysis, it is considered good practice to add the…

July 26, 2016
It’s 2016. Can we stop using MD5 in malware analyses?

When a security researcher comes across a new piece of malware, the first thing he (or she) does is check the file hash to see if it has been seen, or maybe even analysed, before. For that reason, if the researcher does end up writing an analysis, it is considered good practice to add the…

July 26, 2016
How broken is SHA-1 really?

Earlier this month, I gave a talk entitled ” How Broken Is Our Crypto Really? ” at the RSA Conference in San Francisco. In the presentation, I looked at vulnerabilities found in cryptographic protocols and analysed the likeliness of these being exploited in practice. I spent a few minutes talking about SHA-1 and stated that…

March 15, 2016
Throwback Thursday: Hash Woes

Just last week, VB Editor Martijn Grooten addressed an audience at the RSA Conference in San Francisco on the topic of cryptographic protocols that have supposedly been broken in recent years, including the SHA-1 hash function which is considered all but broken. Back in 2004, the entire crypto community was abuzz with the astonishing news that a…

March 10, 2016