Google cracks longtime pillar of internet security – MarketWatch

A cryptographic technology long central to internet security has been dealt a knockout blow by researchers at Google and a Dutch research institute.

In a paper to be published Thursday, the researchers demonstrate an attack on an algorithm called SHA-1, which has been widely used over the past 20 years to verify the authenticity of digital documents.

SHA-1 has worked behind the scenes to guarantee that the websites people visit are, in fact, are what they claim to be. It is what is known as a hash function--a technique for turning any digital document into a unique 40-digit sequence of letters and numbers. That digital fingerprint serves as a quick way of authenticating digital certificates, passwords, even office documents.

Called a collision attack, the researchers technique is something cryptographers have contemplated since 2005, when researchers in China reported the first significant flaws in SHA-1. Until now, it was only a theoretical attack, said Marc Stevens, a researcher with the Centrum Wiskunde & Informatica in Amsterdam, which collaborated with Alphabet Inc.s Google unit GOOGL, -0.56% on the effort. We actually did it.

An expanded version of this report appears at WSJ.com.

Most popular at WSJ.com:

John McCain makes secret trip to Syria.

How hit team came together to kill Kim Jong Nam.

See the original post:

Google cracks longtime pillar of internet security - MarketWatch

Related Posts

Comments are closed.