back to article Firefox might shoot shoddy SHA-1 in July

Every time someone asks "how bad is the SHA-1 cipher?" the answer is "easier to crack than you thought", so Mozilla's considering killing it off six months ahead of schedule, on 1 July 2016. The outdated and vulnerable hashing algorithm was this month found to be rather breakable for attackers willing to splurge just $US75,000 …

  1. Anonymous Coward
    Anonymous Coward

    "found to be rather breakable"

    Just to be clear: nobody has yet produced any two files that have the same SHA-1 hash, and your $100K of cloud computing resource will not do this today.

    1. Anonymous Coward
      Anonymous Coward

      Re: "found to be rather breakable"

      no one has SHOWN that they can do it for $100K, but that doesn't mean it hasn't happened.

      We know SHA-1 is crackable for modest resources - ditch it.

    2. Smooth Newt

      Re: "found to be rather breakable"

      your $100K of cloud computing resource will not do this today.

      You have to assume that an attacker has substantially more resources than £100K of cloud computing. The NSA annual budget is about $11 billion, for example, and computers aren't getting slower.

      1. Anonymous Coward
        Anonymous Coward

        Re: "found to be rather breakable"

        And why would the NSA want to crack SHA-1, when they could simply get any of the certificate authorities that they control to issue a new certificate?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019