On 23 February 2017 at 20:59, Ca By <cb.li...@gmail.com> wrote: > On Thu, Feb 23, 2017 at 10:27 AM Grant Ridder <shortdudey...@gmail.com> > wrote: > > > Coworker passed this on to me. > > > > Looks like SHA1 hash collisions are now achievable in a reasonable time > > period > > https://shattered.io/ > > > > -Grant > > > Good thing we "secure" our routing protocols with MD5 > > :) > > > > >
One place that use sha1 seems to be some banking gateways. They sign the parameters of some request to authentificate the request has a valid one doing something like "sha1( MerchantID . secureCode . TerminalID . amount . exponent . moneyCode )". I have no idea how evil people would exploit collisions here, but I guest banking will move to the next hash algorithm (sha256?) and deprecate this one. This may affect more "Mom and Pa Online Shop" than bigger services. -- -- ℱin del ℳensaje.
