Home
Internet
Internet News
Google, Dutch Institute Crack SHA 1 Internet Security Standard

Google, Dutch Institute Crack SHA-1 Internet Security Standard

By Reuters | Updated: 24 February 2017 10:10 IST

A collaboration between Google's research unit and a Dutch institute on Thursday cracked a widely used cryptographic technology that has been one of the key building blocks of Internet security.

The algorithm, known as Secure Hash Algorithm 1 or SHA-1, is currently used to verify the integrity of digital files and signatures that secure credit card transactions as well as Git open-source software repositories.

Researchers were able to demonstrate a "collision attack" using two different PDF files with the same SHA-1 fingerprint, but with different visible content, according to a paper published by Amsterdam-based Centrum Wiskunde & Informatica.

"Moving forward, it's more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3," according to a post by the collaborators on Google's security blog.

"For the tech community, our findings emphasise the necessity of sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates. As early as 2014, the Chrome team announced that they would gradually phase out using SHA-1. We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure," the blog post added.

© Thomson Reuters 2017

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.