• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 15th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security

Google Researchers Successfully Broke SHA-1 Web Security Tool

February 24th, 2017 Waqas Security 0 comments
Google Researchers Successfully Broke SHA-1 Web Security Tool
Share on FacebookShare on Twitter

According to Google’s research team, they have successfully broken Secure Hash Algorithm 1 encryption, commonly referred to as SHA-1, which is a vital internet security tool. They believe that with this new breakthrough they can limit the widespread use of encryption technology.

It is indeed a breakthrough since SHA-1 has been touted as vulnerable so far despite being an important and widely used internet security method but nothing was practically proved. So, now we can claim SHA-1 to be vulnerable without any confusion and it is time for the safety firms and software developers to update the system and use something else instead of this algorithm.

Marc Stevens spearheaded the research with other staff members at the Netherlands-based computer science institute Centrum Wiskunde & Informatica while the Dutch government funded the research. They have been trying to crack the SHA-1 code since 2009 and today, they have finally decoded it successfully and have publicly announced the success story. Google collaborated with Stevens in 2015 and contributed to the research through resourcing pro bono such as computing/engineering infrastructure and technological expertise.

SHA-1 has been a vital internet security tool for as long as 1995, and with the passage of time it became mainstream security tool for internet users and cyber-community, but its salient weaknesses weren’t highlighted until 2005.

LinkedIn data leak in 2016 revealed the company was using unsalted SHA-1 to hash user passwords.

Google practices a profound vulnerability disclosure policy, and as per its policy, the company has plans to release the code acquired after cracking the SHA-1 encryption algorithm. However, this will happen within 90 days from today. This would lead to attackers and cybercriminals receiving an instruction manual for decoding the algorithm. Therefore, whoever will be relying upon SHA-1 will most definitely become vulnerable to attackers’ malicious antics.

The first concrete collision attack against SHA-1

[fullsquaread][/fullsquaread]

In a blog post by Google researcher Elie Bursztein, it was noted that the company had urged security practitioners to employ more reliable and safe “cryptographic hashes,” on an urgent basis. The post further clarified that the SHA-1 algorithm was used very commonly for encryption of documents such as emails, payment transactions, email attachments, electronic files and legal documents. The algorithm has remained in use for so many years that most people would find it difficult to switch to a new mechanism. However, this is the need of the day.

Read the attack Infographics here [Pdf] | Read the Reseach Paper here [Pdf]


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

  • Tags
  • Encryption
  • Google
  • hacking
  • internet
  • Password
  • Privacy
  • security
  • Technology
Facebook Twitter LinkedIn Pinterest
Previous article Uber Sued by Google's Waymo for Stealing its Self-Driving Car Technology
Next article Facebook goes down; comes back with suspicious account activity alert
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Unpatched MS Exchange servers hit by cryptojacking malware

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

FBI accessing computers across US to remove malicious web shells

FBI accessing computers across US to remove malicious web shells

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Unpatched MS Exchange servers hit by cryptojacking malware
Security

Unpatched MS Exchange servers hit by cryptojacking malware

Indian supply-chain giant Bizongo exposed 643GB of sensitive data
Leaks

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

FBI accessing computers across US to remove malicious web shells
Security

FBI accessing computers across US to remove malicious web shells

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us