SoylentNews is people

posted by martyb on Saturday October 31 2015, @01:54AM
from the ooops! dept.

America, your military fails at security. That's the message from Netcraft security expert Paul Mutton, who has found a bunch of Department of Defence (DoD) agencies issuing SHA-1 certificates.

SHA-1 is almost as old as the art of war: created in 1995, it was secure then, but now, you only need US$75,000 to buy enough cloud CPU to can[sic] crack an SHA-1 signature.

Netcraft is waging war on the stubborn protocol, and earlier this month warned that there's still a quarter of a million SHA-1 certs with expiry dates of 2017 or later.

The use of those certs in dot-mil domains, however, singles it out for special criticism, since the National Institute of Standards and Technology (NIST) has long told US government agencies that SHA-1 is no longer acceptable.

Perhaps the NSA could help the military secure its systems.

[The story in The Register seems to be based on this Netcraft blog post which contains considerably more details about these security shortcomings. -Ed.]


  • (Score: 0) by Anonymous Coward on Saturday October 31 2015, @04:08PM (#256912)

    Your story is about as helpful as ROT13 is for encryption.