Security

Google Researchers Cracked Trusted Internet Security Tool

It has been twenty years since SHA-1 was first introduced. SHA-1 was created back in 1995 by the National Security Agency (NSA). It was a part of the Digital Signature Algorithm, and like other hashes, it would take the entered message and convert it to a string of letters and numbers that served as a cryptographic fingerprint of that particular message. No two messages would be alike. A Google team of researchers recently announced that they managed to break the SHA-1 cryptographic algorithm.

Read More: Advanced Protection: How to Increase Your Privacy on Android

Cracking the SHA-1

Despite warnings of the algorithm’s effectiveness, it was still widely used. According to the researchers, the “SHAttered” attack, as they call it, is 100,000 times faster than a brute force attack. One researcher stated: “This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations.”

That’s no small number. Even though security groups have stated the ineffectiveness of SHA-1 throughout the last decade, no one dealt with the underlying issues of a fading piece of technology. Microsoft had released a statement back in 2013 where they stated that SHA-1 would not be accepted after 2016.

Now everyone who ignored the warnings is in a race against time. They have a mere ninety days before Google releases the proof-of-concept code (PoC). This document will define the coding that the company used to create the collision attack. After that, everyone will have access to the information and can make their own pair of PDFs that hash to the same SHA-1. It’s bad news for services that have been reliant on the aging algorithm. For the many services that still use the now proven insecure SHA-1, they have three months to replace it with a more suitable and secure option like SHA-256 and SHA-3.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Why Updating Android Helps Protect Your Phone, Even When Nothing Looks Different

Have you ever put off an Android update because you figured nothing would really change…

57 years ago

Your Phone Knows Where You’ve Been. Here’s Why That Matters More Than Ever

Do you know how many places your phone can remember from just one ordinary week?…

57 years ago

Does Changing Your Password Every Week Make Your Account Safer? Myth or Fact

You’ve probably heard that changing your password every week is a smart way to keep…

57 years ago

What Happens When You Tap “Allow” on an Android App?

You install a new app, open it for the first time, and the screen pops…

57 years ago

5-Minute Monthly Phone Check: What to Review on Android

You unlock your phone to answer a quick text and, without even noticing it, pass…

57 years ago

What Happens to Your Data After You Close an App?

You open an app to order food, check your bank balance, chat with friends, or…

57 years ago