Friday, February 24, 2017

SHA1 RIP

It was announced that SHA1 has been broken in practice. The post at https://shattered.it/ explains how dangerous it is becoming to keep using this cryptographic hash function. Basically, it is now possible to create two different documents with the same SHA1 hash.
For example, shattered.it hosts two PDF documents (shattered-1.pdf, shattered-2.pdf) with different contents but the same SHA1 hash! If you don't believe shattered.it, you can download the example PDFs locally and generate the SHA1 hash yourself, for example using PowerShell and the
Get-FileHash cmdlet:
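The check described above, written out as an added example (not from the original post). It assumes both PDFs were downloaded into the current directory; the function name Compare-FileHashes is hypothetical, and it also hashes with SHA256 for comparison.

```powershell
# Added example: compare two files under several hash algorithms.
# Assumption: shattered-1.pdf and shattered-2.pdf were downloaded from
# shattered.it into the current directory.
function Compare-FileHashes {
    param(
        [Parameter(Mandatory)] [string]   $PathA,
        [Parameter(Mandatory)] [string]   $PathB,
        [string[]] $Algorithm = @('SHA1', 'SHA256')
    )

    foreach ($p in $PathA, $PathB) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "File not found: $p"
        }
    }

    # Compare the raw bytes first: identical files share every hash, so a
    # matching digest only counts as a collision when the contents differ.
    $bytesA = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $PathA).ProviderPath)
    $bytesB = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $PathB).ProviderPath)
    $sameContent = [System.Linq.Enumerable]::SequenceEqual([byte[]]$bytesA, [byte[]]$bytesB)

    foreach ($alg in $Algorithm) {
        $hashA = (Get-FileHash -LiteralPath $PathA -Algorithm $alg).Hash
        $hashB = (Get-FileHash -LiteralPath $PathB -Algorithm $alg).Hash

        # One result row per algorithm, so SHA1 and SHA256 can be read side by side.
        [pscustomobject]@{
            Algorithm   = $alg
            HashA       = $hashA
            HashB       = $hashB
            SameContent = $sameContent
            Collision   = ($hashA -eq $hashB) -and (-not $sameContent)
        }
    }
}

Compare-FileHashes -PathA .\shattered-1.pdf -PathB .\shattered-2.pdf | Format-List
```

Collision is True only when the two digests match while the file bytes differ, so comparing a file with a copy of itself reports False for every algorithm.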


If you don't believe your eyes, try it yourself :)

And finally, as a simple conclusion, with this publicly available example in mind, I think it would be best for your data to start making plans for replacing SHA1 with a SHA2 algorithm ASAP.
