Google Announces First Practical SHA1 Collision
Originally posted by willmore:
There had been some chat in the security arena about Google's motivations for pushing for the sunsetting of SHA1. Some speculated they 'knew something that we don't all know' about potential weaknesses to SHA1. Seems that camp may have been on the right path.
There had been some chat in the security arena about Google's motivations for pushing for the sunsetting of SHA1. Some speculated they 'knew something that we don't all know' about potential weaknesses to SHA1. Seems that camp may have been on the right path.
I figure in the vast majority of cases (even for most servers), SHA1 is plenty good enough. Even MD5 is good enough for the average person. In the perspective of companies like Google, IBM, MS, Dropbox, etc, I can definitely see why SHA256 is a necessity.
EDIT:
I kind of just realized that Google probably caused more damage with this discovery than they hoped to prevent (especially if those PDFs get released). The average hacker has nowhere near the resources Google has to come to the same conclusion, so as far as hackers were concerned, discovering this wouldn't have been worth their time. Sure, some people would know that it is statistically possible to have 2 different files with the same checksum, but, I don't think anybody knew specifically how to do it. Now, there's definitive proof of it, and we know what file type is known to work.
Regardless, this is very interesting stuff.
EDIT 2:
Contrary to people's adamant suggestions, checksums are not specifically intended for security. To quote from Wikipedia:
"A checksum is a small-sized datum from a block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage. It is usually applied to an installation file after it is received from the download server. By themselves, checksums are often used to verify data integrity but are not relied upon to verify data authenticity."
Checksums are a great way to ensure data has been accurately (and therefore securely) transferred, but again, that's not the purpose.
People really need to chill out and do some research... Sure, I may have been implicit in my statements but that doesn't make them as wrong as others seem to suggest.
Last edited by schmidtbag; 23 February 2017, 12:07 PM.
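The integrity-versus-authenticity distinction in the Wikipedia quote above, as an added example that is not part of the original post: an unkeyed checksum catches accidental corruption but not a substitution where the checksum is replaced along with the file, while a keyed MAC does. The sample data, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: a download and a modified copy of it.
ORIGINAL = b"installer v1.0: print('hello')\n"
TAMPERED = b"installer v1.0: print('changed in transit')\n"
# Hypothetical secret shared out of band between publisher and verifier.
KEY = b"constructed-demo-key-not-for-real-use"


def checksum(data: bytes) -> str:
    """Unkeyed digest: anyone holding the data can compute it."""
    return hashlib.sha256(data).hexdigest()


def mac(data: bytes, key: bytes) -> str:
    """Keyed digest (HMAC-SHA256): computing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, published: str) -> bool:
    return hmac.compare_digest(checksum(data), published)


def verify_mac(data: bytes, published: str, key: bytes) -> bool:
    return hmac.compare_digest(mac(data, key), published)


def demo() -> dict:
    results = {}
    # Accidental corruption: the checksum came over a trusted channel.
    results["corruption_detected"] = not verify_checksum(TAMPERED, checksum(ORIGINAL))
    # Deliberate substitution: file and checksum come from the same
    # untrusted place, so the checksum was recomputed for the new file.
    results["swap_passes_checksum"] = verify_checksum(TAMPERED, checksum(TAMPERED))
    # Same substitution against a MAC: without KEY the tag cannot be
    # recomputed, so the stale tag no longer matches the new content...
    results["swap_passes_mac"] = verify_mac(TAMPERED, mac(ORIGINAL, KEY), KEY)
    # ...and a tag made with a guessed key fails as well.
    results["forged_tag_passes_mac"] = verify_mac(TAMPERED, mac(TAMPERED, b"guess"), KEY)
    results["genuine_passes_mac"] = verify_mac(ORIGINAL, mac(ORIGINAL, KEY), KEY)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```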
Phoronix: Google Announces First Practical SHA1 Collision
While SHA1 is still much better off than MD5, developers really should think about moving to SHA256 or other crypto hashes with Google now demonstrating the first SHA1 collision...