America, your military fails at security. That's the message from Netcraft security expert Paul Mutton, who has found a bunch of Department of Defence (DoD) agencies issuing SHA-1 certificates.
SHA-1 is almost as old as the art of war: created in 1995, it was secure then, but now, you only need US$75,000 to buy enough cloud CPU to can[sic] crack an SHA-1 signature.
Netcraft is waging war on the stubborn protocol, and earlier this month warned that there's still a quarter of a million SHA-1 certs with expiry dates of 2017 or later.
The use of those certs in dot-mil domains, however, singles it out for special criticism, since the National Institute of Standards and Technology (NIST) has long told US government agencies that SHA-1 is no longer acceptable.
Perhaps the NSA could help the military secure its systems.
[The story in The Register seems to be based on this Netcraft blog post, which contains considerably more details about these security shortcomings. -Ed.]
(Score: 2) by Valkor on Saturday October 31 2015, @03:16AM
"SHA-1 is almost as old as the art of war: created in 1995" Hmmm yes quite old.
(Score: 2, Informative) by Francis on Saturday October 31 2015, @03:20AM
I'm trying to figure out what they're referring to, as that book is ancient.