First concrete collision attack against SHA-1
zaibon last edited by
Good to know - and I like the file tester on this site.
When you want to check if an website already uses SHA-2 you can use this Site https://shaaaaaaaaaaaaa.com/
This is a script from the guy who wrote this easy to read blogpost about SHA-1 and why it takes so long to replace it.
I hope this collision attack now will reduce the deprecated use of insane MD5 and SHA1 checksums for file downloads!
@zaibon The described attack does not really affects SSL, as SHA1 signed certificates are shown as insecure in most modern browsers.
And Vivaldi 1.7 will not connect to bad SHA1 sites.
The issue described at Shattered has related more to shasums in file signatures and hashsum lists of downloads.
Hadden89 last edited by
Oh, cool, and my smart card personal ID, still gives me a sha1 cert