2021년 2월 17일 (수) 08:56에 Pythagoras0님의 편집

2021-02-17T08:56:14Z

Pythagoras0: /* 메타데이터 */ 새 문단

2020-12-26T13:19:26Z

메타데이터: 새 문단

Pythagoras0: /* 노트 */ 새 문단

2020-12-16T07:56:07Z

노트: 새 문단

새 문서

== 노트 ==

* The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the same way as for the SHA1 functions.<ref name="ref_a50c">[https://www.openssl.org/docs/man1.1.0/man3/SHA1.html SHA1.html]</ref>
* In 2017, a number of companies announced they would no longer support SHA-1 signing.<ref name="ref_ad42">[https://www.ibm.com/support/pages/why-use-sha256-instead-sha1 Why use SHA256 instead of SHA1?]</ref>
* Collision attacks are possible, where cyber criminals can cause MD5 and SHA1 collisions to steal data and cause other problems.<ref name="ref_ad42" />
* When 2017 came, the browser companies all stopped accepting SHA1 signing.<ref name="ref_ad42" />
* The rest of the computer industry that exchanges data also began to shift away from SHA1 as a signing algorithm.<ref name="ref_ad42" />
* It’s well known that SHA-1 is no longer considered a secure cryptographic hash function.<ref name="ref_5559">[https://blog.cloudflare.com/why-its-harder-to-forge-a-sha-1-certificate-than-it-is-to-find-a-sha-1-collision/ Why it’s harder to forge a SHA-1 certificate than it is to find a SHA-1 collision]</ref>
* SHA-1 (SHA stands for Secure Hash Algorithm) in 1995 as a standard for cryptographically secure hashing.<ref name="ref_5559" />
* Computing a SHA-1 collision might be feasible in 2016, and there's a chance that chosen-prefix attacks also become feasible.<ref name="ref_5559" />
* A hash collision in SHA-1 is bad, but it’s not what matters for web security.<ref name="ref_5559" />
* If your site is still using SHA-1 certificates, then visitors to your website in Chrome will be met with this warning.<ref name="ref_df84">[https://www.venafi.com/education-center/ssl/sha-1-deprecation SHA-1 Deprecation]</ref>
* However, experts have known since 2005 that the original SHA-1 certificate was vulnerable to attack.<ref name="ref_df84" />
* In response to rising concerns, the NIST (National Institute of Standards and Technology) officially deprecated SHA-1 in 2011.<ref name="ref_df84" />
* SHA-1 n practice using a simulated collision attack.<ref name="ref_df84" />
* In non-technical terms, an attacker can more easily create two DNS records that have the same SHA-1 hash value.<ref name="ref_5585">[https://www.icann.org/news/blog/it-s-time-to-move-away-from-using-sha-1-in-the-dns It’s Time to Move Away From Using SHA-1 in the DNS]</ref>
* This improved attack has serious consequences for all parts of the Internet that use SHA-1.<ref name="ref_5585" />
* In DNSSEC, SHA-1 is part of some signature algorithms which have been used since the early days of securing the DNS.<ref name="ref_5585" />
* In fact, more than 250 top-level domains (TLDs) are still using algorithms with SHA-1.<ref name="ref_5585" />
* and we recommend they also support SHA-1 for backward compatibility during the transition period.<ref name="ref_4cab">[http://www.imsglobal.org/security-bulletin-deprecation-notice-sha-1-hash-algorithm Security Bulletin Deprecation notice for SHA-1 Hash Algorithm]</ref>
* Hash Algorithm 1 or SHA-1 is a cryptographic hash function designed by the United States National Security Agency and released in 1995.<ref name="ref_bea9">[https://auth0.com/blog/sha-1-collision-attack/ SHA-1 Has Been Compromised In Practice]</ref>
* The team published a practical technique showing how to generate a collision bringing the fears that SHA-1 was insecure to reality.<ref name="ref_bea9" />
* This is a big deal because even though many organizations have stopped using SHA-1, underlying systems still often rely on SHA-1.<ref name="ref_bea9" />
* Software updates, ISO checksums, PGP signatures, digital certificate signatures, git, and others still make use of SHA-1 for data integrity.<ref name="ref_bea9" />
* However SHA-1 was adopted in 1995, a long time ago in internet years.<ref name="ref_0ab2">[https://www.ssl247.com/kb/ssl-certificates/generalinformation/what-is-sha1-sha2 What is SHA-1 / SHA-2 ?]</ref>
* It works the same way as SHA-1, but produces a longer fingerprint when used on a message.<ref name="ref_0ab2" />
* The hard work required to transition from SHA-1 to SHA-2 has already been taken care of.<ref name="ref_0ab2" />
* SHA-1 is a cryptographic hash function, mapping bitstrings of arbitrary finite length to strings of fixed length.<ref name="ref_6dc9">[https://www.cryptomathic.com/news-events/blog/the-sha-1-attack-further-emphasizes-the-need-for-crypto-agility The SHA-1 Attack Further Emphasizes the Need for Crypto-Agility]</ref>
* SHA-1 has been broken in 2005 by a theoretical collision attack.<ref name="ref_6dc9" />
* In 2017, a practical collision attack on SHA-1 was reported, and the first known instance of a SHA-1 collision was provided.<ref name="ref_6dc9" />
* Commercial products that use cryptography from reputable vendors are likely to have phased out SHA-1 by now - but you might like to check!<ref name="ref_6dc9" />
* We’ve previously made several announcements about Google Chrome's deprecation plans for SHA-1 certificates.<ref name="ref_3ae7">[https://www.chromium.org/Home/chromium-security/education/tls/sha-1 A further update on SHA-1 certificates in Chrome]</ref>
* We may also remove support before 2019 if there is a catastrophic cryptographic break of SHA-1.<ref name="ref_3ae7" />
* The good news is, almost no one is still using SHA-1, so you don’t need to rush out and install any patches.<ref name="ref_3f71">[https://www.theverge.com/2017/2/23/14712118/google-sha1-collision-broken-web-encryption-shattered Google just cracked one of the building blocks of web encryption (but don’t worry)]</ref>
* Google publicly broke one of the major algorithms in web encryption, called SHA-1.<ref name="ref_3f71" />
* SHA-1 is a hashing function, which produces a digital fingerprint from a given file.<ref name="ref_3f71" />
* As a result, most sites have already dropped SHA-1.<ref name="ref_3f71" />
* SHA1 generates an almost-unique 160-bit (20-byte) signature for a text.<ref name="ref_32d6">[https://www.movable-type.co.uk/scripts/sha1.html Movable Type Scripts]</ref>
* SHA-1 is is no longer recommended for cryptographic purposes (SHA-256 or SHA-3 are now preferred).<ref name="ref_32d6" />
* Google have now achieved a collision attack on SHA-1.<ref name="ref_32d6" />
* As of January 16, 2015, CAs will be forbidden to issue SHA-1 Certificates that expire past December 31, 2016.<ref name="ref_e02a">[https://support.globalsign.com/ssl/ssl-certificates-life-cycle/sha-256-rollout SHA-256 Rollout :: SHA-256 Rollout :: GlobalSign Support]</ref>
* Note that SHA-1 SSL Certificates that are valid past 1/1/2017 will show as untrusted in Chromium 41.<ref name="ref_e02a" />
* Note that after January 01, 2017, Firefox will not trust any SHA-1 Certificate.<ref name="ref_e02a" />
* Open a terminal and run the keytool utility provided with Java to get the SHA-1 fingerprint of the certificate.<ref name="ref_b591">[https://developers.google.com/android/guides/client-auth Authenticating Your Client]</ref>
* According to the official Git hash function transition document, the insecurity of SHA-1 has been known for some time.<ref name="ref_8759">[https://thenewstack.io/git-transitioning-away-from-the-aging-sha-1-hash/ Git Transitioning Away from the Aging SHA-1 Hash – The New Stack]</ref>
* The document states, “Over time some flaws in SHA-1 have been discovered by security researchers.<ref name="ref_8759" />
* Git plans on migrating from SHA-1 to SHA-265.<ref name="ref_8759" />
* We show that collisions of SHA-1 can be found with complexity less than 269 hash operations.<ref name="ref_b82f">[https://link.springer.com/chapter/10.1007/11535218_2 Finding Collisions in the Full SHA-1]</ref>
* We strongly advise to remove SHA-1 from those type of applications as soon as possible.<ref name="ref_7062">[https://www.usenix.org/conference/usenixsecurity20/presentation/leurent SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust]</ref>
* We exemplify our cryptanalysis by creating a pair of PGP/GnuPG keys with different identities, but colliding SHA-1 certificates.<ref name="ref_7062" />
* A SHA-1 certification of the first key can therefore be transferred to the second key, leading to an impersonation attack.<ref name="ref_7062" />
* This proves that SHA-1 signatures now offer virtually no security in practice.<ref name="ref_7062" />
* “Our work show that SHA-1 is now fully and practically broken for use in digital signatures.<ref name="ref_adf2">[https://duo.com/decipher/sha-1-fully-and-practically-broken-by-new-collision SHA-1 ‘Fully and Practically Broken’ By New Collision]</ref>
* “SHA-1 usage has significantly decreased in the last years; in particular web browsers now reject certificates signed with SHA-1.<ref name="ref_adf2" />
* However, SHA-1 signatures are still supported in a large number of applications.<ref name="ref_adf2" />
* Hash computing the SHA1 checksum.<ref name="ref_ad7c">[https://golang.org/pkg/crypto/sha1/ The Go Programming Language]</ref>
* From RFC 3174 - The US Secure Hash Algorithm 1: "SHA-1 produces a 160-bit output called a message digest.<ref name="ref_2c49">[https://www.w3schools.com/php/func_string_sha1.asp PHP sha1() Function]</ref>
* customers prepare for and move to SHA-2, the set of cryptographic hash functions that have succeeded SHA-1.<ref name="ref_d0b4">[https://www.csoonline.com/article/2879073/all-you-need-to-know-about-the-move-from-sha1-to-sha2-encryption.html All you need to know about the move from SHA-1 to SHA-2 encryption]</ref>
* Over time, several continued cryptographic attacks against SHA-1 started to shorten its effective key length.<ref name="ref_d0b4" />
* The root CA’s own CA certificate does not have to be migrated to SHA-2 even if it is still SHA-1.<ref name="ref_d0b4" />
* Although no significant cryptographic weakness has been found in SHA-2, it's considered algorithmically related to SHA-1.<ref name="ref_d0b4" />
* First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust”.<ref name="ref_9574">[https://portswigger.net/daily-swig/researchers-demonstrate-practical-break-of-sha-1-hash-function Researchers demonstrate practical break of SHA-1 hash function]</ref>
* The following example shows a valid DSig 1.0 SHA1 resinfo extension with two SHA1 hashes of the referenced information resource.<ref name="ref_3059">[https://www.w3.org/PICS/DSig/SHA1_1_0.html SHA1 version 1.0]</ref>
* Given the footprint of SHA-1, Leurent and Peyrin said that users of GnuPG, OpenSSL and Git could be in immediate danger.<ref name="ref_b783">[https://threatpost.com/exploit-fully-breaks-sha-1/151697/ Exploit Fully Breaks SHA-1, Lowers the Attack Bar]</ref>
* But that’s not the only remaining bastion for SHA-1.<ref name="ref_b783" />
* And many non-Web applications that rely on HTTPS encryption still accept SHA-1 certificates.<ref name="ref_b783" />
* “Our work shows that SHA-1 is now fully and practically broken for use in digital signatures,” Leurent and Peyrin wrote in their paper.<ref name="ref_b783" />
* Any application that relies on SHA-1 for digital signatures, file integrity, or file identification is potentially vulnerable.<ref name="ref_b6b0">[https://shattered.io/ SHAttered]</ref>
* Any Certification Authority abiding by the CA/Browser Forum regulations is not allowed to issue SHA-1 certificates anymore.<ref name="ref_b6b0" />
* Starting from version 56, released in January 2017, Chrome will consider any website protected with a SHA-1 certificate as insecure.<ref name="ref_b6b0" />
* GIT strongly relies on SHA-1 for the identification and integrity checking of all file objects and commits.<ref name="ref_b6b0" />
* It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.<ref name="ref_329b">[https://en.wikipedia.org/wiki/Secure_Hash_Algorithms Secure Hash Algorithms]</ref>
* Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.<ref name="ref_329b" />
* Does this mean that achieving SHA-1 collisions is now within the grasp of most attackers?<ref name="ref_b65b">[https://www.computerworld.com/article/3173616/the-sha1-hash-function-is-now-completely-unsafe.html The SHA1 hash function is now completely unsafe]</ref>
* NIST formally deprecated use of SHA-1 in 2011 and disallowed its use for digital signatures in 2013.<ref name="ref_57e8">[https://en.wikipedia.org/wiki/SHA-1 Wikipedia]</ref>
* As such, it is recommended to remove SHA-1 from products as soon as possible and instead use SHA-2 or SHA-3.<ref name="ref_57e8" />
* SHA-1 differs from SHA-0 only by a single bitwise rotation in the message schedule of its compression function.<ref name="ref_57e8" />
* Publicly available techniques did indeed demonstrate a compromise of SHA-0, in 2004, before SHA-1 in 2017.<ref name="ref_57e8" />
* This online tool allows you to generate the SHA1 hash from any string.<ref name="ref_9dbe">[https://passwordsgenerator.net/sha1-hash-generator/ SHA1 Hash Generator Online]</ref>
* A growing body of research showing the weaknesses of SHA-1 prompted a revaluation.<ref name="ref_9dff">[https://www.thesslstore.com/blog/difference-sha-1-sha-2-sha-256-hash-algorithms/ The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms]</ref>
* The deadline for issuing new SSL certificates with SHA-1 hashes was December 31st, 2015.<ref name="ref_9dff" />
* But over the last three years SHA-1 certificates have almost entirely died out.<ref name="ref_9dff" />
* Today, if you encounter a SHA-1 certificate, you will see an unmistakable warning.<ref name="ref_9dff" />
===소스===
<references />

@@ 85번째 줄: / 85번째 줄: @@
   <references />
-== 메타데이터 ==
+==메타데이터==
 ===위키데이터===
 * ID :  [https://www.wikidata.org/wiki/Q13414952 Q13414952]

← 이전 판		2020년 12월 26일 (토) 13:19 판
84번째 줄:		84번째 줄:
	===소스===		===소스===
	<references />		<references />
		+
		+	== 메타데이터 ==
		+
		+	===위키데이터===
		+	* ID : [https://www.wikidata.org/wiki/Q13414952 Q13414952]

SHA-1 - 편집 역사

2021년 2월 17일 (수) 08:56에 Pythagoras0님의 편집

Pythagoras0: /* 메타데이터 */ 새 문단

Pythagoras0: /* 노트 */ 새 문단