Threat Post

Practical SHA-1 Collision Months, Not Years, Away

New research into attacks against the SHA-1 cryptographic algorithm lessen the cost and time to arrive at a practical collision. When Bruce Schneier made his oft-cited and mathematically sound ...
Ars Technica

Collision attacks - How do they work?

I was reading the new Ars article about Microsoft's decision to retire SHA-1 due to its vulnerability to collision attacks. The article mentions the well-publicized Flame attack of 2012, a key ...
CSOonline

MD5 attack puts RADIUS networks everywhere at risk

A design flaw in the decades-old RADIUS authentication protocol allows attackers to take over network devices from a man-in-the-middle position by exploiting MD5 hash collisions. The “secure enough” ...
Ars Technica

Fatally weak MD5 function torpedoes crypto protections in HTTPS and IPSEC

If you thought MD5 was banished from HTTPS encryption, you’d be wrong. It turns out the fatally weak cryptographic hash function, along with its only slightly stronger SHA1 cousin, are still widely ...
PC World

Continued support for MD5 endangers widely used cryptographic protocols

The old and insecure MD5 hashing function hasn’t been used to sign SSL/TLS server certificates in many years, but continues to be used in other parts of encrypted communications protocols, including ...