Difference between revisions of "SHA-1 (deprecated)"

From wikieduonline
Jump to navigation Jump to search
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[wikipedia:SHA-1]]
+
[[wikipedia:SHA-1]] is deprecated
  
Disabled in [[OpenSSH 8.8]] September 2021
+
== Status ==
 +
* Disabled in [[OpenSSH 8.8]] September 2021
 +
* Not supported in [[Terraform changelog|Terraform]] since 1.2 (May 2022)
  
 
== Attacks ==
 
== Attacks ==
 
[[Certificates]] are at special risk to the aforementioned [[SHA1 collision]] vulnerability as an attacker has effectively unlimited time in which to craft a collision that yields them a valid certificate, far more than the relatively brief [[LoginGraceTime]] window that they have to forge a host key signature.
 
[[Certificates]] are at special risk to the aforementioned [[SHA1 collision]] vulnerability as an attacker has effectively unlimited time in which to craft a collision that yields them a valid certificate, far more than the relatively brief [[LoginGraceTime]] window that they have to forge a host key signature.
 +
 +
== Related ==
 +
* [[BLAKE2s]] [[Linux Kernel 5.17]]
  
 
== See also ==
 
== See also ==

Latest revision as of 06:21, 31 August 2022

wikipedia:SHA-1 is deprecated

Status[edit]

Attacks[edit]

Certificates are at special risk to the aforementioned SHA1 collision vulnerability as an attacker has effectively unlimited time in which to craft a collision that yields them a valid certificate, far more than the relatively brief LoginGraceTime window that they have to forge a host key signature.

Related[edit]

See also[edit]

Advertising: