A popular encryption algorithm is being killed because it is too weak, DigiTech Geeks Mobile Computing News

By -
A popular encryption algorithm is being killed because it is too weak

The developers of two open source code libraries for Secure Shell, which is the protocol used by millions of computers to create encrypted connections, have decided to no longer support the Secure Hash Algorithm 1 (SHA-1) due to growing security concerns.

As reported by Ars Technica, developers using the OpenSSH and Libssh libraries will no longer be able to use SHA-1 to digitally sign encryption keys going forward. In its release notes, OpenSSH explained why it will no longer support SHA-1, saying:

“It is now possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm by default in a near-future release. This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.”

SHA-1 is a cryptographic hash function that was first developed in 1995. It is used for producing hash “digests” which are each 40 hexadecimal characters long and these digests are meant to be distinct for every message, file and function that uses them.

Hash collisions

A collision is a cryptographic term used to describe when two or more inputs generate the same outputted digest and researchers began warning that SHA-1 was becoming increasingly vulnerable to collisions almost a decade ago. 

In 2017, SHA-1 fell victim to a collision attack that cost $110,000 to produce which lead to a number of browsers, browser-trusted certificate authorities and software update systems to abandon the algorithm though some services and software continued using it despite the risk.

However, in January of this year, researchers showed that an even more powerful collision attack could be launched for just $45,000. This chosen-prefix attack showed that it is possible to modify an existing input and still end up with the same SHA-1 hash and an attacker could use this method to alter documents or software to bypass SHA-1-based integrity checks.

While OpenSSH and Libssh will no longer support SHA-1, the encryption algorithm is still supported in recent versions of OpenSSL.

  • We've also highlighted the best VPN services

Via Ars Technica



Click here to read full article.




Download our Android App for all the latest Tech News: Click here to download our DTG Android App
#DigiTechGeeks #DTG

Comments

Post a Comment

Popular posts from this blog

What Is the “System Volume Information” Folder, and Can I Delete It?

By -
Image
What Is the “System Volume Information” Folder, and Can I Delete It? On every Windows drive—even external USB drives—you’ll find a “System Volume Information” folder. You’ll only see it if you have Windows set to  show hidden files and folders , but it’s always there. So what is it for? Why Can’t I Open the Folder? On drives formatted with  the NTFS file system , this folder’s permissions are set to prevent everyone from accessing the folder, even users with Administrator permissions. Double-click the folder and you’ll see an error message saying the “location is not available” and “access is denied.” This is normal. That’s because Windows uses this folder for certain system-level features. The permissions are set to prevent users—and programs without the appropriate permissions—from tampering with the files inside and interfering with important system functions. What Is It For? Among other things, Windows stores  System Restore points  in the System Volume
Read more

The best early January sales and deals for 2020 that are live now , DigiTech Geeks Mobile Computing News

By -
Image
The best early January sales and deals for 2020 that are live now The best early January sales 2020 Jump straight to the New Year deals you want... Phone and tablet deals Wearable deals Computing deals Audio deals Gaming deals TV deals Smart home deals Camera deals Home deals The January sales 2020 have arrived early. Sure, we still need to get through New Year's Eve – and many Boxing Day sales are still going strong – but a wealth of New Year deals have dropped already.  In fact, there are some brilliant offers to be had if you've got a load of Christmas cash and gift cards burning a hole in your pocket – but scouring the sales can be a slog.  Rather than leaving the warmth of your home, or spending hours on the internet while your family are in another room, we've done the hard work for you. We've searched through the most exciting early January sales to bring you the very best New Year deals available now. Below, you'll find the biggest
Read more

With no good Black Friday iPad deals, it's time to turn to the Android side , DigiTech Geeks Mobile Computing News

By -
Image
With no good Black Friday iPad deals, it's time to turn to the Android side The Black Friday iPad deals are never any good, but in 2021 they've somehow failed to clear that laughably low bar, and we've still been surprised by just how poor the Apple-tablet discounts are this year. Seriously – we're talking just $50 / £50 off super-power iPad Pros , and sometimes no discounts at all on entry-level or Mini tablets – and this outlook very likely won't change for the Cyber Monday iPad deals . If you were wanting to buy a new iPad in the Black Friday sales, it might seem like you're plum out of luck. (Not in the US or UK? Scroll down for deals in your region). It's not all bad news though, not as long as you're willing to try new things (and aren't committed to the Apple ecosystem already). That's because there are a few worthy tablet Black Friday deals on Android slates that make them much, much more tempting than an iPad. Sure, sure, sure: i
Read more