Industry News

Migration to SHA-2 Inevitable, as SHA-1 is Broken

The SHA-1 security standard used for digital signatures has been deemed vulnerable by security specialists, prompting accelerated migration to SHA-2 for better security. Privacy specialist Bruce Schneier has predicted in the past that hackers would be able to afford to attack SHA-1 by 2015, as costs were estimated at $700,000.

However, recent research using the power of the cloud and rented graphics cards have significantly dropped the price of renting such services that could be used at breaking the SHA-1 cypto hash.

“We now think that the state-of-the-art attack on full SHA-1 as described in 2013 may cost around 100,000 dollars renting graphics cards in the cloud,” said Marc Stevens of Centrum Wiskunde & Informatica in the Netherlands. “However, we showed that graphics cards are much faster for these attacks and we now estimate that a full SHA-1 collision will cost between 75,000 and 120,000 dollars renting Amazon EC2 cloud over a few months today, in early autumn 2015.”

Microsoft started migrating to SHA-2 in 2013 and Google in 2014, as experts also encouraged web operators to comply with the specifications. In light of the recent research, some argue that web attacks on SSL certificates that still use SHA-1 will increase.

“We urge the industry to consider shifting this deadline up and enterprises should not wait any longer to migrate to SHA-2,” said Kevin Bocek, vice president of security strategy & threat intelligence at Venafi. “We also recommend that IT security teams find these SHA-1 certificates immediately, automate the changing of them and report on their progress way before this deadline approaches – procrastinating on this is just a disaster waiting to happen.”

Everyone still using SHA-1 is encouraged to migrate to SHA-2 before any serious damages occur, potentially leading to data loss or privacy violations.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

1 Comment

Click here to post a comment