On 14 Oct 2015 13:39 -0400, from kevinsisco61...@gmail.com (Kevin): > http://www.networkworld.com/article/2990801/sha-1-hashing-algorithm-could-succumb-to-75k-attack-researchers-say.html
To answer the question in the subject line: SHA-1 is already being phased out, particularly in areas where collision resistance matters. Just like MD5, there are still situations in which SHA-1 provides a fully adequate level of security even _if_ finding collisions was actually easy, and there are mitigative strategies that can be used to make finding useful collisions much harder (such as using multiple hash algorithms in tandem, or iterative hashing). A major use for even a cryptographic hash algorithm where collisions can be found reasonably easily is as a compression function for password hashing. With the above said, new designs that need collision resistance should obviously use more secure hash algorithms, and even more than that, should probably plan ahead for when _those_ algorithms reach the end of their useful life and allow for a migration strategy. SSL/TLS certificates allow for a migration strategy, which is why the fact that we no longer trust previously MD5 and now SHA-1 doesn't immediately break everything. For SHA-1 sunsetting, see for example [1], [2], both of which are over a year old. SHA-1 is on schedule to be sunset for TLS certificates at the end of 2016; the major browsers don't consider SHA-1 based certificates which are valid after 1 Jan 2017 to be trustworthy, which with the one-year commonly selected validity period of CA-signed certificates means we are only a few months away from starting to see this in practice. It's possible that this schedule is overly optimistic in light of recent events, but even so, that's moving SHA-1 from basically ubiquitous to actually untrusted in two and a half years, which is already quite fast. It would seem likely to me that accelerating the sunset of SHA-1 at this point would cause massive disruption, considering that people probably are making plans based on the announced dates. [1]: https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ [2]: https://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html -- Michael Kjörling • https://michael.kjorling.se • mich...@kjorling.se OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography