Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

OpenSSH to deprecate SHA-1 logins due to security risk

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 28 May 2020 05:04:36 +0000 (UTC)
https://www.zdnet.com/article/openssh-to-deprecate-sha-1-logins-due-to-security-risk/

By Catalin Cimpanu
Zero Day
ZDNet.com
May 27, 2020
OpenSSH, the most popular utility for connecting to and managing remote servers, has announced today plans to drop support for its SHA-1 authentication scheme.
The OpenSSH team cited security concerns with the SHA-1 hashing algorithm, currently considered insecure.
The algorithm was broken in a practical, real-world attack in February 2017, when Google cryptographers disclosed SHAttered, a technique that could make two different files appear as they had the same SHA-1 file signature.
At the time, creating an SHA-1 collision was considered computationally expensive, and Google experts thought SHA-1 could still be used in practice for at least half a decade until the cost would go down. 

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: