SlideShare a Scribd company logo

SHA-1 Collision Found - eSCan

MicroWorld Software Services Pvt Ltd
MicroWorld Software Services Pvt Ltd

Google recently announced that they have successfully Generated a collision for SHA-1, although it would 90 more days before they reveal to the world as to how they accomplished this task.

Technology
1 of 3
Download to read offline
1#Choice of DIGITAL WORLD Enterprise Security An ISO 27001 Certified Company www.escanav.com SHA-1 Collision Found
Google recently announced that they have successfully generated a collision for SHA-1, although it would 90 more days before they reveal to the world as to how they accomplished this task. Hashing functions are an important aspect of cryptography, since they are used for comparison, finding duplicates and the most important fact is that hashing algorithms are one-way, ie. the resultant string cannot be reversed to find the original string. Due to this, Vendors have been using one-way hashing algorithms like MD-5, SHA-1,SHA-256 to store passwords and whenever the correct password is provided by the user, the resultant Hash will always match with the stored value, thus validating the authentication process. Computation of Hash Collision is based on the fact that , there might exist two different strings which would generate the same Hash or, by using enough computational power, the original string used for generating the Hash could be found, there-by rendering the usage of the said Hash Algorithm useless. With the advancements in the technology and faster computation being made available , this doesn’t surprise the experts, it was just a matter of
time before someone could have come up with an algorithm to find the collision. MD5 , as an hashing algorithm which was not just cracked but the collisions have also been made available with almost 829.726 Billion unique decrypted hashes have been made available publicly. eScan warns that , every vendor / developer who uses SHA-1 as the preferred algorithm for password comparison, should switch over to SHA-3 or SHA-256. Since, as of this moment, SHA-3 and SHA-256 are considered to be very tough and should be able to with-stand the onslaught of computational power for next few years.

Recommended

A secure and dynamic multi
A secure and dynamic multiA secure and dynamic multi
A secure and dynamic multi
Shakas Technologies
 
Hashing
HashingHashing
Hashing
yashwantsingh122
 
The SHA Hashing Algorithm
The SHA Hashing AlgorithmThe SHA Hashing Algorithm
The SHA Hashing Algorithm
Bob Landstrom
 
A Survey of Password Attacks and Safe Hashing Algorithms
A Survey of Password Attacks and Safe Hashing AlgorithmsA Survey of Password Attacks and Safe Hashing Algorithms
A Survey of Password Attacks and Safe Hashing Algorithms
IRJET Journal
 
Hashes
HashesHashes
Hashes
primeteacher32
 
Comparative hash algorithm power point presentation
Comparative hash algorithm power point presentationComparative hash algorithm power point presentation
Comparative hash algorithm power point presentation
HajaAjmeerdeen
 
Md5
Md5Md5
Md5
annamalai
 
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideSwitch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Entrust Datacard
 

Recommended

A secure and dynamic multi
A secure and dynamic multiA secure and dynamic multi
A secure and dynamic multi
Shakas Technologies
 
Hashing
HashingHashing
Hashing
yashwantsingh122
 
The SHA Hashing Algorithm
The SHA Hashing AlgorithmThe SHA Hashing Algorithm
The SHA Hashing Algorithm
Bob Landstrom
 
A Survey of Password Attacks and Safe Hashing Algorithms
A Survey of Password Attacks and Safe Hashing AlgorithmsA Survey of Password Attacks and Safe Hashing Algorithms
A Survey of Password Attacks and Safe Hashing Algorithms
IRJET Journal
 
Hashes
HashesHashes
Hashes
primeteacher32
 
Comparative hash algorithm power point presentation
Comparative hash algorithm power point presentationComparative hash algorithm power point presentation
Comparative hash algorithm power point presentation
HajaAjmeerdeen
 
Md5
Md5Md5
Md5
annamalai
 
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideSwitch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Entrust Datacard
 
Cryprography Assignment
Cryprography AssignmentCryprography Assignment
Cryprography Assignment
Ashik Iqbal
 
ch12.ppt
ch12.pptch12.ppt
ch12.ppt
SomuPatil8
 
HMAC&CMAC.ppt
HMAC&CMAC.pptHMAC&CMAC.ppt
HMAC&CMAC.ppt
DrVASAVIBANDE
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithm
Bob Landstrom
 
Hashing Considerations In Web Applications
Hashing Considerations In Web ApplicationsHashing Considerations In Web Applications
Hashing Considerations In Web Applications
Islam Heggo
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything else
Vlad Garbuz
 
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011
Kieon
 
Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashing
fangjiafu
 
Md5
Md5Md5
Md5
Sanjeevsharma620
 
Hashing
HashingHashing
Hashing
RumanaJasmeenShaik
 
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJSIRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET Journal
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practice
Akash Mahajan
 
HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...
HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...
HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...
SIR SUCCESS PRINCE DUAH DUAH
 
Compliance collisions-misconceptions
Compliance collisions-misconceptionsCompliance collisions-misconceptions
Compliance collisions-misconceptions
Richard Bocchinfuso
 
Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)
Saravanan T.M
 
Information and network security 40 sha3 secure hash algorithm
Information and network security 40 sha3 secure hash algorithmInformation and network security 40 sha3 secure hash algorithm
Information and network security 40 sha3 secure hash algorithm
Vaibhav Khanna
 
Cryptography
CryptographyCryptography
Cryptography
okolo chukwudumebi prince
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms Work
CheapSSLsecurity
 
HASH FUNCTIONS.pdf
HASH FUNCTIONS.pdfHASH FUNCTIONS.pdf
HASH FUNCTIONS.pdf
KalsoomTahir2
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
Mijanur Rahman Milon
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 

More Related Content

Similar to SHA-1 Collision Found - eSCan

Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashing
fangjiafu
 
HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...
HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...
HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...
SIR SUCCESS PRINCE DUAH DUAH
 
Compliance collisions-misconceptions
Compliance collisions-misconceptionsCompliance collisions-misconceptions
Compliance collisions-misconceptions
Richard Bocchinfuso
 

Similar to SHA-1 Collision Found - eSCan (20)

Cryprography Assignment
Cryprography AssignmentCryprography Assignment
Cryprography Assignment
 
ch12.ppt
ch12.pptch12.ppt
ch12.ppt
 
HMAC&CMAC.ppt
HMAC&CMAC.pptHMAC&CMAC.ppt
HMAC&CMAC.ppt
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithm
 
Hashing Considerations In Web Applications
Hashing Considerations In Web ApplicationsHashing Considerations In Web Applications
Hashing Considerations In Web Applications
 
Applied cryptanalysis - everything else
Applied cryptanalysis - everything elseApplied cryptanalysis - everything else
Applied cryptanalysis - everything else
 
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011
 
Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashing
 
Md5
Md5Md5
Md5
 
Hashing
HashingHashing
Hashing
 
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJSIRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJS
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practice
 
HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...
HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...
HMAC SHA 256- PROPOSED AUTHENTICATION ALGORITHM-PRINCE DUAH MENSAH-MPhil IT (...
 
Compliance collisions-misconceptions
Compliance collisions-misconceptionsCompliance collisions-misconceptions
Compliance collisions-misconceptions
 
Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)Design of Secure Hash Algorithm(SHA)
Design of Secure Hash Algorithm(SHA)
 
Information and network security 40 sha3 secure hash algorithm
Information and network security 40 sha3 secure hash algorithmInformation and network security 40 sha3 secure hash algorithm
Information and network security 40 sha3 secure hash algorithm
 
Cryptography
CryptographyCryptography
Cryptography
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms Work
 
HASH FUNCTIONS.pdf
HASH FUNCTIONS.pdfHASH FUNCTIONS.pdf
HASH FUNCTIONS.pdf
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
 

Recently uploaded

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Recently uploaded (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

SHA-1 Collision Found - eSCan

  • 1. 1#Choice of DIGITAL WORLD Enterprise Security An ISO 27001 Certified Company www.escanav.com SHA-1 Collision Found
  • 2. Google recently announced that they have successfully generated a collision for SHA-1, although it would 90 more days before they reveal to the world as to how they accomplished this task. Hashing functions are an important aspect of cryptography, since they are used for comparison, finding duplicates and the most important fact is that hashing algorithms are one-way, ie. the resultant string cannot be reversed to find the original string. Due to this, Vendors have been using one-way hashing algorithms like MD-5, SHA-1,SHA-256 to store passwords and whenever the correct password is provided by the user, the resultant Hash will always match with the stored value, thus validating the authentication process. Computation of Hash Collision is based on the fact that , there might exist two different strings which would generate the same Hash or, by using enough computational power, the original string used for generating the Hash could be found, there-by rendering the usage of the said Hash Algorithm useless. With the advancements in the technology and faster computation being made available , this doesn’t surprise the experts, it was just a matter of
  • 3. time before someone could have come up with an algorithm to find the collision. MD5 , as an hashing algorithm which was not just cracked but the collisions have also been made available with almost 829.726 Billion unique decrypted hashes have been made available publicly. eScan warns that , every vendor / developer who uses SHA-1 as the preferred algorithm for password comparison, should switch over to SHA-3 or SHA-256. Since, as of this moment, SHA-3 and SHA-256 are considered to be very tough and should be able to with-stand the onslaught of computational power for next few years.