Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

SHA-1 Chosen-prefix Collision Attack

Avatar
Ingrid
Follow
Publication Date – May 17, 2019

The SHA-1 chosen-prefix collision attack provides evidence that SHA-1 should not be used as a trusted hash function for security purposes.

If SHA-1 is being used in SSL leaf certificates, the TLS/SSL Certificates finding is graded BAD.

Remediation

To see if your organization is vulnerable, search for “sha1” within your TLS/SSL Certificates findings and update the affected certificates.

Reference

CBS Interactive, “SHA-1 collision attacks are now actually practical and a looming danger”

Related articles