News that a nine-year-old encryption method - one that underlies the protection of virtually all secure online communications - appears to have been cracked by a team of three Chinese researchers has spurred encryption experts around the world to issue a call to action.
The standard, known as SHA-1, "is used in pretty much every cryptographic protocol out there," says encryption expert Bruce Schneier. "(SHA-1 is) used in SSH, in SSL, in S/MIME, in PGP. It's used in IPSec. VPNs use it. Everybody uses it."
The scope of the problem is enormous. Virtually all application and server software that incorporates SHA-1 into its functions - including Web browsers, e-mail clients, instant messaging programs, secure shell clients, and file- and disk-encryption software - will need to be replaced or upgraded.
"We all sort of knew this could happen, but we didn't expect it this bad, this soon," says Schneier, who also blogs about security topics.
"This is a critical break in SHA that is just at the edge of feasibility," Schneier says. But even though SHA-1 has been broken by academics, that doesn't mean the government or criminals will be able to spy on your encrypted communications immediately.
News source: ieXbeta