SHA-1 End Times Have Arrived
Things are about to get a lot safer on the internet with SHA-2, but there is plenty of work still to be done when it comes to SHA-1 deprecation.
Collision attacks
Threatpost News Wrap, August 26, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on ShadowBrokers and Cisco, Sweet32, decryptors for the Wildfire ransomware, and some gaming forum breaches.
SLOTH Attacks Up Ante on SHA-1, MD5 Deprecation
Researchers have demonstrated new collision attacks against SHA-1 and MD5 implementations in TLS, IKE and SSH.
Microsoft said this week it’s considering moving up its deadline for blocking SHA-1 signed certificates to June 2016.
Mozilla announced that it will begin phasing out support for SHA-1 certificates, and will no longer trust them after Jan. 1, 2017.
Microsoft has given customers six months to find MD5 installations and prepare for a February 2014 patch that will block the broken algorithm.
