Researchers have found a new way to attack the SHA-1 hashing algorithm, still used to sign almost one in three SSL certificates that secure major websites, making it more urgent than ever to retire it, they said Thursday.
SHA-1 is a cryptographic hashing function designed to produce a fingerprint of a document, making it easy to tell if a document has been modified after the fingerprint was calculated.
Weaknesses had already been identified in SHA-1, and most modern Web browsers will no longer accept SSL certificates signed with it after Jan. 1, 2017. That date was chosen based on the ever-decreasing cost of the computing power required to attack the algorithm.
To read this article in full or to leave a comment, please click here