https://www.zdnet.com/article/openssh-to-deprecate-sha-1-logins-due-to-security-risk/
By Catalin Cimpanu
Zero Day
ZDNet.com
May 27, 2020
OpenSSH, the most popular utility for connecting to and managing remote
servers, has announced today plans to drop support for its SHA-1 authentication
scheme.
The OpenSSH team cited security concerns with the SHA-1 hashing algorithm,
currently considered insecure.
The algorithm was broken in a practical, real-world attack in February 2017,
when Google cryptographers disclosed SHAttered, a technique that could make two
different files appear as they had the same SHA-1 file signature.
At the time, creating an SHA-1 collision was considered computationally
expensive, and Google experts thought SHA-1 could still be used in practice for
at least half a decade until the cost would go down.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
