Academics Improve SHA-1 Collision Attack, Make It Actually Dangerous
'"Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last week with the discovery of the first-ever 'chosen-prefix collision attack,' a more practical version of the SHA-1 collision attack first carried out by Google two years ago," reports ZDNet. Google's original research allowed attackers to force duplicates for specific files, but this process was often at random. A new SHA-1 collision attack variation (a chosen-prefix attack) detailed last week allows attackers to choose what SHA-1-signed files or data streams they want to forge on demand, making SHA-1 an attack that is now practical in the real world, albeit at a price tag of $100,000 per collision.' -- source: https://it.slashdot.org/story/19/05/13/2255229 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/
Maybe I could try a little one............ Cheers John.. On 14/05/19 12:27 PM, Peter Reutemann wrote:
'"Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last week with the discovery of the first-ever 'chosen-prefix collision attack,' a more practical version of the SHA-1 collision attack first carried out by Google two years ago," reports ZDNet. Google's original research allowed attackers to force duplicates for specific files, but this process was often at random. A new SHA-1 collision attack variation (a chosen-prefix attack) detailed last week allows attackers to choose what SHA-1-signed files or data streams they want to forge on demand, making SHA-1 an attack that is now practical in the real world, albeit at a price tag of $100,000 per collision.'
-- source: https://it.slashdot.org/story/19/05/13/2255229
Cheers, Peter
participants (2)
-
John -
Peter Reutemann