Sign In

Communications of the ACM

ACM TechNews

Critical Flaw Demonstrated in Common Digital Security Algorithm


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
The researchers encourage companies to move on from using the SHA-1 security algorithm.

A critical security flaw in a commonly used security algorithm would allow attackers to fake specific files and the information within them and pass them off as authentic.

Credit: CC0 Public Domain

Researchers at Nanyang Technological University, Singapore (NTU Singapore) and INRIA in France have demonstrated a security flaw in the widely used SHA-1 security algorithm that would allow bad actors to fake files and the information within them, and make them look authentic.

The researchers encourage companies to move on from using SHA-1.

The team used a cluster of 900 GPUs running for two months to demonstrate a way to break SHA-1 using a chosen-prefix collision attack.

The chosen-prefix collision attack targets a type of file called a PGP/GnuPG certificate, which is a digital proof of identity that relies on SHA-1 as a hash function.

Said NTU Singapore's Thomas Peyrin, "Chosen-prefix collision attack means that an attacker can start with any first part for both messages, and freely alter the rest, but the resulting fingerprint values will still be the same, they will still collide."

From Nanyang Technological University (Singapore)
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found