Information Security News mailing list archives
OpenSSH to deprecate SHA-1 logins due to security risk
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 28 May 2020 05:04:36 +0000 (UTC)
https://www.zdnet.com/article/openssh-to-deprecate-sha-1-logins-due-to-security-risk/ By Catalin Cimpanu Zero Day ZDNet.com May 27, 2020OpenSSH, the most popular utility for connecting to and managing remote servers, has announced today plans to drop support for its SHA-1 authentication scheme.
The OpenSSH team cited security concerns with the SHA-1 hashing algorithm, currently considered insecure.
The algorithm was broken in a practical, real-world attack in February 2017, when Google cryptographers disclosed SHAttered, a technique that could make two different files appear as they had the same SHA-1 file signature.
At the time, creating an SHA-1 collision was considered computationally expensive, and Google experts thought SHA-1 could still be used in practice for at least half a decade until the cost would go down.
[...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- OpenSSH to deprecate SHA-1 logins due to security risk InfoSec News (May 27)