On 23 February 2017 at 20:59, Ca By <cb.list6@gmail.com> wrote:
On Thu, Feb 23, 2017 at 10:27 AM Grant Ridder <shortdudey123@gmail.com> wrote:
Coworker passed this on to me.
Looks like SHA1 hash collisions are now achievable in a reasonable time period https://shattered.io/
-Grant
Good thing we "secure" our routing protocols with MD5
:)
One place that use sha1 seems to be some banking gateways. They sign the parameters of some request to authentificate the request has a valid one doing something like "sha1( MerchantID . secureCode . TerminalID . amount . exponent . moneyCode )". I have no idea how evil people would exploit collisions here, but I guest banking will move to the next hash algorithm (sha256?) and deprecate this one. This may affect more "Mom and Pa Online Shop" than bigger services. -- -- ℱin del ℳensaje.