Researchers at Nanyang Technological University, Singapore (NTU Singapore) and INRIA in France have demonstrated a security flaw in the widely used SHA-1 security algorithm that would allow bad actors to fake files and the information within them, and make them look authentic.
The researchers encourage companies to move on from using SHA-1.
The team used a cluster of 900 GPUs running for two months to demonstrate a way to break SHA-1 using a chosen-prefix collision attack.
The chosen-prefix collision attack targets a type of file called a PGP/GnuPG certificate, which is a digital proof of identity that relies on SHA-1 as a hash function.
Said NTU Singapore's Thomas Peyrin, "Chosen-prefix collision attack means that an attacker can start with any first part for both messages, and freely alter the rest, but the resulting fingerprint values will still be the same, they will still collide."
From Nanyang Technological University (Singapore)
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA