SHA-1 Algorithm Rapidly Approaching End of Life
-
Ars Technica reports that researchers in the security space believe that the SHA-1 algorithm will likely be broken by the end of the year prompting browser vendors, and others, to likely move up plans to retire the algorithm.
-
Broken? as in a flaw found? or that compute power will be so readily available and low cost that creating a table becomes worthwhile?
-
I believe broken, as in computers will be so much more capable that SHA-1 is trivially broken with modern systems, and the systems of tomorrow.
Or there-abouts to be.
Google has already been fazing the standard out.
-
Broken in the sense that a new attack that has been theorized is believed that it will be working and cracking SHA-1 will be trivial by year end. Not from an advance in computational power, but from an advance in math.
-
@scottalanmiller said:
Broken in the sense that a new attack that has been theorized is believed that it will be working and cracking SHA-1 will be trivial by year end. Not from an advance in computational power, but from an advance in math.
OK so a real crack. Advances in computational speed is not cracking in my mind. What would take 1 million years by a computer in 1995 would take probably less than a year today (and probably a lot less than that).
-
They measure it in money, but similar thing. It's something like "what was thought to take $500K will suddenly take $79K", like overnight. Any gains from computational speed gains would be on top of that.
-
Whatever they replace it with better be quantum resistant as well, that'll be the new NSA hotness soon enough
-
These newer algorithms that require specific amounts of RAM and have time variables in them to force the decryption to take time are pretty interesting.
-
@Dashrender said:
These newer algorithms that require specific amounts of RAM and have time variables in them to force the decryption to take time are pretty interesting.
Hmmmm.... I'd be interested to see how that works and, more importantly, how does that impact proper decryption versus a cracking attempt?
