Announcing the First SHA1 Collision →


Google Security Blog:

Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.

  • Hopefully attacks like that (by the “good guys”) will finally make industry realize that there is no point in clinging to old standards and move forward. The fact that industry is pursuing 3072-bit or 4096-bit RSA to future-proof security instead of ditching RSA for ECC is still mind-boggling to me.

  • People are lazy (in upgrading to newer, better things). That’s one of the problems.