Dutchman performs major attack on the commonly used digital security
A Dutch researcher has, together with the security team of Google, a widely used digital protocol being attacked.
With the attack wants to researcher Marc Stevens show that this form of security, the so-called sha-1 algorithm, is no longer secure, and as quickly as possible needs to be replaced. According to Stevens companies must faster to switch to safer standards.
With sha-1 are digital services, such as e-mail and online payments, behind-the-scenes encrypted. They would not abuse it.
That sha-1 is less secure than before, was already known. In 2011, it was already shown that the certificate since 2005 is vulnerable to attacks from the outside.
But until today, went to theoretical or partial attacks on the security, let the researcher of the Centre Mathematics and computer science Thursday, know.
Stevens is the first researcher who successfully exploits the security breach. The preparation of the attack has months cost. There were also special computers of Google, which is 9.2 trillion calculations to perform. That has also months.
Meanwhile, there are already a few alternatives available. Thus, sha-2 and sha-3 already been released, which can offer protection against such attacks from the outside.
Also is there a free program available that can be checked or there are files on a computer that unsafe situations with respect to sha-1.
In addition, popular web browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox, now see a warning when connections are protected with the sha-1 certificate. In addition, in 2017 no sha-1 certificates are more issued.