SHA-1 algorithm is compromised

 


Headline News:    The Failure of SSL and its underlying SHA-1 algorithm

Headline News:    SSL and its SHA-1 algorithm are compromised

SHA-1 is the technical underpinning of Secure Sockets Layer (SSL), a private-key technology used to send secure information over the Internet. In addition, a handful of microchip makers — including Atmel, Infineon, National Semiconductor and STMicroelectronics — use SHA-1 as the basis for their Trusted Platform Modules developed by the Trusted Computing Group to provide a hardware root of trust in PCs and other devices. Hardware tokens are also typically built on the OATH (Open Authentication) standard, a 160-bit protocol that uses SHA-1 at its core.

In February of 2005, three Chinese mathematicians announced that they had cracked (reverse engineered) the SHA-1 hashing algorithm. This announcement has caused considerable consternation among security experts because SHA-1 is used in SSL certificates, tokens, trusted platforms, etc. It is now possible to break, on a mathematical level, the security encryption of SSL-equipped websites and most hardware-based tokens.

As a result of this failure of SHA-1, the National Institute of Standards and Technology (NIST) has announced plans to abandon SHA-1 and is calling for all regulatory agencies and hardware vendors to migrate to the new SHA-256 hashing algorithm, which is used by PhishCops®, by 2010.

Here is just a sampling of what experts are now saying regarding the SHA-1 algorithm and SSL.

U.S. mulls new digital-signature standard
C-Net News
A team of Chinese scientists shocked the data security world this year by announcing a flaw in a widely used technique used to create and verify digital signatures in e-mail and on the Web…

 

 

 

Microsoft Scraps Old Encryption in New Code
eWeek.com
Microsoft is banning certain cryptographic functions from new computer code, citing increasingly sophisticated attacks that make them less secure, according to a company executive…. the SHA1 encryption algorithm is becoming "creaky at the edges," said Michael Howard, senior security program manager at the company… The algorithms are used to create digital signatures and check the integrity of information… Microsoft is recommending using the Secure Hash Algorithm (SHA)256…instead.

 

 

 

Crypto world in panic as SHA-1 broken
Techworld.com
The SHA-1 (secure hash algorithm) authentication scheme that underpins digital signatures used in SSL browser security and PGP encryption is reported to have been broken….

 

 

 

Vulnerable security algorithms raise concerns
NetworkWorld.com
said Niels Ferguson, a cryptographer with Microsoft. "Try to switch away from SHA-1 as quickly as you can…

 

 

 

SHA1 Cryptographic Hash Update
SystemExperts Corporation
By far, the services that are most vulnerable to the recent attacks are digital signatures and related document authenticity signatures…
A loud and clear call has gone out to the network protocol and information exchange standards bodies developing/modifying standards that can accommodate new hash functions as soon as possible…. the SHA256 standard is currently resisting known SHA1 attacks….
 

 

 

New optimized SHA-1 attack
Virus.org
SHA-1 is broken, it should be replaced with the newer SHA hashes…

 

 

 

Authentication technology bites the dust
Techworld.com
Virtually all application and server software that incorporates SHA-1 into its functions, including Web browsers, e-mail clients, instant messaging programs, secure shell clients, and file and disk encryption software, will need to be replaced or upgraded…. experts are urging software companies to integrate SHA-256 into applications that currently use SHA-1…
 

 

 

How long does it take to crack SSL?
Marktaw.com (blog)
That's 1 SSL connection cracked every 7 minutes…

 

 

 

 

 

 

 

© 2008 Sestus Data Company   All Rights Reserved. PhishCops® is Patent Pending.
