Has SHA-1 been hacked?

No, not exactly.  The SHA-1 hashing algorithm still does what it is supposed to do.  SHA-1 creates an unpredictable 20 byte “fingerprint” of the data input into the function, in this case a web server certificate.  It is the unpredictability of the output that makes cryptographic hash functions so useful.  … Continue reading

HTTPS: Is it Possible to Forge a Web Server Certificate?

Yes, it is possible in theory to forge the Web Server Certificate that is used in SSL/TLS communication. This is because the certificate is signed by a certificate authority that your browser trusts using a cryptographic hashing algorithm of a specific length. The hashing algorithms that have been used to … Continue reading

  • The postings and views on this site are my own and do not necessarily reflect the positions, strategies, or opinions of any current or previous employer.