DHE, RC4 and now SHA-1 (the attack took ten days of computing time on GPU cards, but we all know what that eventually means). And yet businesses want your credit card and other personal info, but don’t want to upgrade their servers’ encryption algorithms:
SHA-1 Freestart Collision
Schneier on Security
Oct. 8, 2015
There’s a new cryptanalysis result against the hash function SHA-1:
Abstract: We present in this article a freestart collision example for SHA-1, i.e., a collision for its internal compression function. This is the first practical break of the full SHA-1, reaching all 80 out of 80 steps, while only 10 days of computation on a 64 GPU cluster were necessary to perform the attack. This work builds on a continuous series of cryptanalytic advancements on SHA-1 since the theoretical collision attack breakthrough in 2005. ….
[Continue reading here: https://www.schneier.com/blog/archives/2015/10/sha-1_freestart.html]