Skip to main content

sha1-broken

According to a number of places, but primarily Bruce Schneier, SHA-1 has been broken by a team of researchers in China. It's not time to panic if you're using it, but it is time to start thinking about a replacement.

Schneier notes that hashing isn't very well understood. Encryption, he notes, is much better understood and therefore more secure. Unlike RSA's SecurID and other token-based two-factor authentication systems, WiKID uses asymmetric cryptography in our WiKID Strong Authentication System.

It seems as though researchers are improving their ability to break hashing systems. Scott Contini and Yiqun Lisa Yin published a paper on Fast Software-Based Attacks on SecurID.

While their research isn't a smoking gun, they make a solid case for not recycling your tokens, which is frequently done.
Currently unrated

Recent Posts

Archive

2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom