Security & Fraud

Google Cracks Old Cryptographic Algorithm As A Wake-Up Call To Companies

Google was able to crack the code on an old cryptographic algorithm that had been used online to check the authenticity of digital artifacts.

According to a report by Forbes, the cryptographic algorithm is called SHA-1, and by using a ton of math and computing power, Google and researchers from the CWI Institute were able to create a different file and gave it the same hash or string of characters as SHA-1. Forbes noted the attack Google and the CWI Institute demonstrated is called collision and is very rare.

Forbes reported the attack on SHA-1, which Google is calling the Shattered attack, may work in situations where the SHA-1 is still trusted. Forbes noted GNuPG e-mail encryption still considers SHA-1 safe, and Microsoft still uses it even if it is phasing it out.

Although Google was able to hack the SHA-1, Forbes noted people shouldn’t be too concerned since SHA-1 is old, and while widely deployed, big companies are downplaying SHA-1 and won’t use it for verification processes. The Chrome browser, noted Forbes, will automatically tag any SSL certificate that uses SHA-1 as insecure. Microsoft has already announced it would phase out SHA-1 by the middle of 2017.

A spokesperson for Microsoft told Forbes: “Today’s report is further evidence that SHA-1’s useful lifetime has ended as part of the normal lifecycle of encryption technologies. Microsoft has worked with the industry since 2012 to phase out the use of SHA-1. Microsoft Edge and IE 11 do not consider websites using SHA-1 certificates secure, so do not show the lock icon that’s used to indicate a secure site in the browser’s address bar.”

Google is hoping its research will drive more companies to stop using SHA-1. “We hope that our practical attack against SHA-1 will finally convince the industry that it is urgent to move to safer alternatives such as SHA-256,” Google said in a blog post, noted Forbes.


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. In the December 2019 Mobile Card App Adoption Study, PYMNTS surveyed 2,000 U.S. consumers for a reveal of the four most compelling features apps must have to engage users and drive greater adoption.

Click to comment