Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Saturday October 31 2015, @01:54AM   Printer-friendly
from the ooops! dept.

America, your military fails at security. That's the message from Netcraft security expert Paul Mutton, who has found a bunch of Department of Defence (DoD) agencies issuing SHA-1 certificates.

SHA-1 is almost as old as the art of war: created in 1995, it was secure then, but now, you only need US$75,000 to buy enough cloud CPU to can[sic] crack an SHA-1 signature.

Netcraft is waging war on the stubborn protocol, and earlier this month warned that there's still a quarter of a million SHA-1 certs with expiry dates of 2017 or later.

The use of those certs in dot-mil domains, however, singles it out for special criticism, since the National Institute of Standards and Technology (NIST) has long told US government agencies that SHA-1 is no longer acceptable.

Perhaps the NSA could help the military secure its systems.

[The story in The Register seems to be based on this Netcraft blog post which contains considerably more details about these security shortcomings. -Ed.]


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Valkor on Saturday October 31 2015, @03:16AM

    by Valkor (4253) on Saturday October 31 2015, @03:16AM (#256779)

    "SHA-1 is almost as old as the art of war: created in 1995" Hmmm yes quite old.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2, Informative) by Francis on Saturday October 31 2015, @03:20AM

    by Francis (5544) on Saturday October 31 2015, @03:20AM (#256782)

    I'm trying to figure out what they're referring to as that books is ancient.