Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'

The maintainers of OpenSSH, widely used for connecting securely to servers and devices over networks, have warned that the SHA-1 algorithm will be disabled in a "near-future release".


SHA stands for Secure Hash Algorithm. SHA-1 has been known to be vulnerable since 2005, though breaking it still requires reassuringly non-trivial amounts of computation. More powerful attacks have been developed since, and compute resources have become cheaper, so the practical risk has gradually increased.


The OpenSSH decision references a recent paper [PDF] by Gaëtan Leurent and Thomas Peyrin, titled "SHA-1 is a Shambles," showing that a "chosen-prefix collision" can be achieved for $45,000 – more than a casual amount, but "within the means of academic researchers."


A chosen-prefix collision means it's possible to modify data – be it ..
