Information Security News mailing list archives

SHA1 crypto algorithm underpinning Internet security could fall by 2018


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 8 Oct 2012 01:16:50 -0500 (CDT)

http://arstechnica.com/security/2012/10/sha1-crypto-algorithm-could-fall-by-2018/

By Dan Goodin
Ars Technica
Oct 6, 2012

A widely used cryptographic algorithm that secures sensitive websites, software, and corporate servers is weak enough that well-financed criminals could crack it in the next six years, a cryptographer said.

The prediction about the SHA1 algorithm, posted recently to a hash function mailing list sponsored by the National Institute of Standards and Technology, is based on calculations its author and fellow cryptographers admit are rough. The back-of-the-envelope math also incorporates several assumptions that are by no means certain. At the same time, the ability to carry out a reliable "collision attack" on SHA1 would have catastrophic effects on the security of the Internet.

Similar collision attacks on the weaker MD5 algorithm provide an example of how dire and widespread the resulting harm could be. The Flame espionage malware, which the US and Israel are believed to have unleashed to spy on sensitive Iranian networks, wielded such an exploit to hijack Microsoft's Windows Update mechanism so the malicious program could spread from computer to computer inside an infected network. Separately, in 2008, a team of computer scientists and security researchers used the technique to forge a master secure sockets layer certificate that could authenticate virtually any website of their choosing.

SHA1 is considerably more resistant than MD5 to collision attacks, in which two different inputs produce the same hash value, and therefore the same digital signature. As a result, SSL certificate authorities, software companies, and most other security-minded organizations have discontinued use of MD5 in favor of SHA1, or better yet SHA2, which is believed to be stronger still. (Just this week, NIST designated an algorithm known as Keccak to be SHA3.) Cryptographers have long presumed these more advanced algorithms will suffer the same fate as MD5 as computers' processing speeds become ever faster. With SHA1 a staple in digital certificates that certify the authenticity of websites, commercial software, and credentials used to administer corporate servers, a practical attack on it anytime soon would come with dire consequences.
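The practical defender's question raised by the paragraph above is which of your certificates are still signed with SHA1 (or MD5). As an added example that is not part of the Ars Technica article, the following standard-library Python reads the signature algorithm out of a DER-encoded X.509 certificate and flags digests that are no longer collision resistant. It also checks that the outer signatureAlgorithm field matches the signature field inside the TBSCertificate, which RFC 5280 requires to be identical. The OID table is an assumption of the example (it covers the common RSA and ECDSA algorithm identifiers), and the stub certificates it runs on are constructed skeletons that contain only the fields the checker reads, not real certificates.

```python
"""Flag X.509 certificates whose signature relies on MD5 or SHA-1 (added example)."""
import base64

# Signature-algorithm OIDs and the hash each one relies on (assumed table for this example).
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", "MD2"),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "MD5"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "SHA-1"),
    "1.3.14.3.2.29": ("sha1WithRSAEncryption (OIW)", "SHA-1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "SHA-256"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "SHA-384"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "SHA-512"),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", "SHA-1"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "SHA-256"),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", "SHA-384"),
    "1.2.840.10045.4.3.4": ("ecdsa-with-SHA512", "SHA-512"),
}
WEAK_HASHES = {"MD2", "MD5", "SHA-1"}


def read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, contents, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Turn OBJECT IDENTIFIER contents into dotted notation (base-128 arcs)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                 # a clear high bit ends the arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def algorithm_oid(alg_id_contents):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }."""
    tag, contents, _ = read_tlv(alg_id_contents, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER in AlgorithmIdentifier")
    return decode_oid(contents)


def signature_algorithms(cert_der):
    """Return (outer, inner): Certificate.signatureAlgorithm and TBSCertificate.signature."""
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("Certificate must be a SEQUENCE")
    _, tbs, pos = read_tlv(cert, 0)         # tbsCertificate
    _, outer_alg, _ = read_tlv(cert, pos)   # signatureAlgorithm
    p = 0                                   # inside TBSCertificate: [0] version (optional), serialNumber, signature
    tag, _, nxt = read_tlv(tbs, p)
    if tag == 0xA0:                         # explicit [0] version present, skip it
        p = nxt
    _, _, p = read_tlv(tbs, p)              # serialNumber
    _, inner_alg, _ = read_tlv(tbs, p)      # signature (AlgorithmIdentifier)
    return algorithm_oid(outer_alg), algorithm_oid(inner_alg)


def assess(cert_der):
    """Classify a DER certificate: returns (algorithm name, hash, verdict)."""
    outer, inner = signature_algorithms(cert_der)
    if outer != inner:                      # RFC 5280 requires both fields to agree
        return outer, None, "REJECT: signatureAlgorithm and tbs.signature differ"
    name, digest = SIGNATURE_OIDS.get(outer, (outer, "unknown"))
    if digest in WEAK_HASHES:
        return name, digest, "WEAK: migrate to SHA-2"
    if digest == "unknown":
        return name, digest, "UNKNOWN: review manually"
    return name, digest, "OK"


def load_pem(text):
    """Strip PEM armour lines and base64-decode the body to DER."""
    body = "".join(l for l in text.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)


# --- constructed sample input (stub skeletons, not real certificates) --------------------
def der(tag, body):
    """Encode a DER TLV using short or long-form length."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def encode_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER TLV."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return der(0x06, bytes(out))


def stub_certificate(outer_oid, inner_oid=None):
    """Minimal Certificate skeleton carrying only the fields the checker reads."""
    alg = lambda oid: der(0x30, encode_oid(oid) + der(0x05, b""))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg(inner_oid or outer_oid))
    return der(0x30, tbs + alg(outer_oid) + der(0x03, b"\x00\xff"))


if __name__ == "__main__":
    for label, cert in [("sha1", stub_certificate("1.2.840.113549.1.1.5")),
                        ("sha256", stub_certificate("1.2.840.113549.1.1.11")),
                        ("mismatch", stub_certificate("1.2.840.113549.1.1.11", "1.2.840.113549.1.1.4"))]:
        print(label, assess(cert))
```

On a real certificate, pass `load_pem(open(path).read())` (or the raw DER) to `assess`. The mismatch check matters because a verifier that trusts only the outer field while the signature was actually computed over the inner one can be steered toward a weaker digest; rejecting any disagreement is the cheap, conservative answer.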

[...]


--
Get your CEH, CISSP or ISSMP with ExpandingSecurity.com Live OnLine classes that will not wreck your schedule.
Come to a free class and see how good our program really is. Free weekly PainPill:
http://www.expandingsecurity.com/PainPill
