RE: SHA1 Is Now Officially Insecure

in #security, 8 years ago

Luke, I love reading all your posts. They always have great value in my eyes and I tend to agree with most of your positions. That said, a lot of the stuff you talk about is WAY over my head (not your fault obviously, I just don't know as much about this stuff as you and others do); this post is a prime example. I might as well be reading hieroglyphs. What are the chances you could do a "dumbed down" version in a paragraph or less for us not so technologically advanced peasants? Might be too much to ask, but I thought I would regardless.

We can generate a 'hash' of a file which is basically a big number that will generally be different for every file. It is very hard to create two files that will have the same hash. It's often used to prove that a file hasn't been changed (accidentally or maliciously). There are various algorithms to do this. SHA-1 has been around since 1995 and is considered broken.

So, it essentially is an outdated security feature which is prone to hacking?

Yes. Clever people find ways to shortcut breaking it. Google and others have been encouraging sites to upgrade to something better, but some of them move very slowly. Changing how your site works is likely to break it, so they are very cautious.

I figured this post wouldn't be for everyone (one of the reasons I declined payment). It would take a little bit to explain what a hashing algorithm is and why that's important for security (which also involves blockchain technologies), but for the most part, non-programmers don't have to worry about this stuff too much. There are probably resources online that would do a much better job than I at explaining what this is about.

I'm glad you enjoy reading. I know I can't please everyone all the time, so I appreciate your willingness to learn more and grow. :)