SHA-1

Pierluigi Paganini February 24, 2017
SHAttered attack, Google and CWI conducted the first SHA-1 collision attack

Experts at Google and CWI conducted the first real world collision attack against popular SHA-1 hashing algorithm, so called shattered-attack. Researchers at Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands succeeded in conducting the first real world collision attack against popular SHA-1 hashing algorithm. The researchers created two documents with different content but […]

Pierluigi Paganini October 28, 2015
The US DoD still uses SHA-1 signed certificates for use by military agencies

The United States Department of Defense is still issuing SHA-1 signed certificates for its military agencies, despite they are considered insecure. Today I have published a blog post on the Army Vulnerability Response Program (AVRP), a sort of bug bounty program specific for the US military environment. The idea is to incentive  the ethical disclosure of vulnerabilities […]

Pierluigi Paganini October 10, 2015
Cost of Breaking SHA-1 decreases due to a new Collision Attack

A group of researchers has demonstrated that the cost of breaking the SHA-1 hash algorithm is lower than previously estimated. The SHA-1 is still one of the most used cryptographic hash algorithm, but bad news for its supporters, a New Collision Attack Lowers Cost of Breaking it. The news is worrying, the cost and time […]

Pierluigi Paganini September 29, 2014
SHA-1 has been deprecated, what can I do?

The SHA-1 cryptographic hash algorithm has been known vulnerable, Collision attacks against it are too affordable and attacks will get cheaper soon. Many websites today are using digital certificates signed using algorithms based on the hash algorithm called SHA-1. Hashing algorithms are used to ensure the integrity of the certificate in the signing processes, a flawed […]