Farewell to the SHA-1 Hash Algorithm

By on

encrypted_laptop650

Rest in peace SHA-1. Like all security controls, they are valuable only for a certain time. SHA-1, a legacy hashing algorithm once used heavily in secure web browsing, has outlived its usefulness; it is time for its permanent retirement. Microsoft, Mozilla, and Google just announced they will finally drop all support for SHA-1 early next year. The risks of using a weak hashing algorithm in browsers include the possibility of man-in-the-middle attacks, spoofed content, and even phishing against victims.

This security hashing algorithm has been around since circa 1995 and heavily used in protecting web content. Hashing algorithms provide a vital role in verifying the integrity of files and are used when making a secure web connection (i.e., https:// sites) to ensure you are visiting the correct location and not a spoofed site looking to harvest your data. The problem arose in 2005 when researchers from Princeton University published a paper showing it was possible to find collisions much easier than previously thought. For hashing, collisions represent the ability to duplicate the verification with a different source, thus invalidating the security of the system.

The National Institute of Standards and Technology has recommended since 2012 switching to the upgraded SHA-2 variant. But removing embedded algorithms is not an easy or convenient process for website administrators. Thus outdated versions tend to linger on well after their useful life. Ultimately, such legacy support becomes more caustic over time and lends itself to progressively weaker security.

So, the end of SHA-1 is good news for everyone, except attackers. Farewell SHA-1. The industry has finally stood up and collectively voted you out.

 

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

 

Leave a Comment

Similar articles

The summer season is quickly approaching. Users will take to the skies, roads, and oceans to travel throughout the world for a fun family adventure. But just because users take time off doesn’t mean that their security should. So, with the season’s arrival, we decided to conduct a survey so to better understand users’ cybersecurity ...
Read Blog
Messaging apps are a common form of digital communication these days, with Facebook’s WhatsApp being one of the most popular options out there. The communication platform boasts over 1.5 billion users – who now need to immediately update the app due to a new security threat. In fact, WhatsApp just announced a recently discovered security ...
Read Blog