Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.

SHA-1 is officially compromised

LincLinc Director of DevelopmentDetroit Vanilla Staff

Today, Google announced the first SHA-1 collision. In 90 days they will release the code to duplicate their attack. In practical terms, it means you need to move any SHA-1 using applications to SHA-256 as soon as possible. This includes, potentially, jsConnect connections.



Sign In or Register to comment.