Friday, 6 November 2015

Microsoft Is Considering SHA-1 Certificates To Block Previously

Microsoft is considering because of recent research to SSL certificates with the SHA-1 algorithm to block half a year earlier than planned. From the screening shows that it is much cheaper to attack SHA-1 certificates than previously assumed.

A hashing algorithm is considered safe if it is for any input has a unique output and that output is not turning back so that imports can be traced. Because the output should not manipulate, hashes are used to demonstrate the validity of certificates and files, for example. Since 2005, however, there are collision attacks on SHA-1 is known where various input gives the same output.

Recent research by Marc Stevens of the Mathematics and Computer Science (CWI) in Amsterdam, Pierre Karpman from the French INRIA and Thomas PEYRIN NTU of Singapore shows that performing such a collision attack can be much cheaper than previously thought. This would also criminals can perform these attacks. This would make it possible for attackers to forge certificates for example.

Microsoft had previously announced to SHA-1 certificates block from 2017, but is now considering to introduce in the block next June. Seven months earlier than planned. Last month, showed Mozilla already know that it is considering to implement the SHA-1 blockade earlier, giving a date of July 1, 2016 was mentioned. Microsoft is now with other browser developers discuss the impact of the new date proposed is based on use and the feasibility of SHA-1 attacks.

