Threat Post

Practical SHA-1 Collision Months, Not Years, Away

New research into attacks against the SHA-1 cryptographic algorithm lessen the cost and time to arrive at a practical collision. When Bruce Schneier made his oft-cited and mathematically sound ...
ZDNet

SSL broken! Hackers create rogue CA certificate using MD5 collisions

Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the ...
Forbes

Flame's MD5 collision is the most worrisome security discovery of 2012

In 2009, while I was researching Surviving Cyberwar, I attended the COSAC security conference outside of Dublin for the first time. During an open session I posed this question to the attendees: “Can ...
PC Magazine

Researchers Reveal Secrets of SHA-1 Hash Collision

LAS VEGAS—Elie Bursztein, Google's lead anti-fraud researcher, began his talk here at Black Hat 2017 with an understatement: "It has been a long and interesting journey over the last few years." In ...
CSOonline

MD5 attack puts RADIUS networks everywhere at risk

A design flaw in the decades-old RADIUS authentication protocol allows attackers to take over network devices from a man-in-the-middle position by exploiting MD5 hash collisions. The “secure enough” ...
Computerworld

Ongoing MD5 support endangers cryptographic protocols

The old and insecure MD5 hashing function hasn’t been used to sign SSL/TLS server certificates in many years, but continues to be used in other parts of encrypted communications protocols, including ...