Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: phranque
For the tech community, our findings emphasize the necessity of sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates. As early as 2014, the Chrome team announced that they would gradually phase out using SHA-1. We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure.
However, it is not beyond the reach of a large corporation or intelligence agency to forge a TLS certificate, a Git repo...