Communications of the ACM
Critical Flaw Demonstrated in Common Digital Security Algorithm
A critical security flaw in a commonly used security algorithm would allow attackers to fake specific files and the information within them and pass them off as authentic.
Credit: CC0 Public Domain
Researchers at Nanyang Technological University, Singapore (NTU Singapore) and INRIA in France have demonstrated a security flaw in the widely used SHA-1 security algorithm that would allow bad actors to fake files and the information within them, and make them look authentic.
The researchers encourage companies to move on from using SHA-1.
The team used a cluster of 900 GPUs running for two months to demonstrate a way to break SHA-1 using a chosen-prefix collision attack.
The chosen-prefix collision attack targets a type of file called a PGP/GnuPG certificate, which is a digital proof of identity that relies on SHA-1 as a hash function.
Said NTU Singapore's Thomas Peyrin, "Chosen-prefix collision attack means that an attacker can start with any first part for both messages, and freely alter the rest, but the resulting fingerprint values will still be the same, they will still collide."
From Nanyang Technological University (Singapore)
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found