HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

SHA-1 is officially compromised

Today, Google announced the first SHA-1 collision. In 90 days they will release the code to duplicate their attack. In practical terms, it means you need to move any SHA-1 using applications to SHA-256 as soon as possible. This includes, potentially, jsConnect connections.



Sign In or Register to comment.