Cryptographers show collision in SHA-1 algorithm

From the EFF:

On February 23rd, a joint team from the CWI Amsterdam and Google announced that they had generated the first ever collision in the SHA-1 cryptographic hashing algorithm. SHA-1 has long been considered theoretically insecure by cryptanalysts due to weaknesses in the algorithm design, but this marks the first time researchers were actually able to demonstrate a real-world example of the insecurity. In addition to being a powerful Proof of Concept (POC), the computing power that went into generating the proof was notable.

So what’s the big deal?

Unfortunately, the migration away from SHA-1 has not been universal. Some programs, such as the version control system Git, have SHA-1 hard-baked into its code. This makes it difficult for projects which rely on Git to ditch the algorithm altogether. The encrypted e-mail system PGP also relies on it in certain places.


  1. witold.bolt 2017-03-01 8:51 am EST
    • pica 2017-03-01 10:31 am EST
      • acobar 2017-03-01 12:54 pm EST
        • pica 2017-03-01 1:53 pm EST
          • Bill Shooter of Bul 2017-03-01 2:45 pm EST
        • Bill Shooter of Bul 2017-03-01 2:27 pm EST
          • pica 2017-03-01 2:50 pm EST
          • Bill Shooter of Bul 2017-03-01 7:04 pm EST
          • acobar 2017-03-01 4:44 pm EST
  2. hamlatzis 2017-03-01 6:16 pm EST