Hacker News new | past | comments | ask | show | jobs | submit login

I don't see whats the hurry in deprecating SHA-1, when for things like RC4/weak DH/SSLv3 there wasn't such a hurry, even though for those cases they were known broken.



Surely you missed https://eprint.iacr.org/2015/967.pdf , which prompted the CA/Browser Forum not to delay the SHA1 sunset.


Thanks, thats more worrying than the 2012 article linked on the cloudflare blog. The paper you linked to says 'will cost between 75K US$and 120K US$ and will plausibly take at most a few months', and not $700,000 like the CloudFlare blog does.


That's for a freestart collision, which is not the same as real-world attack. This is a big warning sign, but real attacks aren't that bad yet. https://www.schneier.com/blog/archives/2015/10/sha-1_freesta...




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: