In this article, we discuss why Pagefreezer specifically uses the SHA-256 tagging algorithm when implementing digital signatures.
We use SHA-256 because this 256-bit key is much more secure than other common hashing algorithms. Without going into too much technical detail, here are the key benefits.
- It’s a secure and trusted industry standard:
- SHA-256 is an industry standard that is trusted by leading public-sector agencies and used widely by technology leaders.
- Collisions are incredibly unlikely:
- There are SHA-256 possible hash values when using SHA-256, which makes it nearly impossible for two different documents to coincidentally have the exact same hash value. (More on this in the following section).
- The avalanche effect:
- Unlike some older hashing algorithms, even a very minor change to the original information completely changes the hash value — what is known as an avalanche effect.
The Great SHA-1 Collision
Like MD5, the popular SHA-1 algorithm is also broken. As far back as 2005, a convincing theory for how SHA-1 could be broken was proposed by researchers, and the National Institute of Standards and Technology (NIST) immediately suggested that federal agencies move to SHA-2. In 2017, this theoretical vulnerability was made very real when Google announced the first official SHA-1 collision.
For the tech community, our findings emphasize the necessity of sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates. As early as 2014, the Chrome team announced that they would gradually phase out using SHA-1. We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure.
Finding a practical collision attack breaks the hash function badly of course, but the actual damage that can be done with such a collision is somewhat limited as the attacker will have little to no control on the actual data that collides,” one of the researchers, Thomas Peyrin, told ZDNet after the paper was published. “A much more interesting attack is to find a so-called ‘chosen-prefix collision,’ where the attacker can freely choose the prefix for the two colliding messages. Such collisions change everything in terms of threat because you can now consider having collisions with meaningful data inside (like names or identities in a digital certificate, etc).
Don’t Rely on Old Technology with Vulnerabilities
Since a much better option is available, there is no reason to make use of hashing algorithms that have known vulnerabilities. NIST’s official stance on SHA-1 is the following: “Federal agencies should stop using SHA-1 for generating digital signatures, generating timestamps and for other applications that require collision resistance.”
Yet, despite this, many private-sector companies continue to use SHA-1 (and sometimes even MD5) — a decision that opens up their data to questions of accuracy and authenticity. We believe in always taking a best-practices approach. And we take data security very seriously at Pagefreezer. That’s why we are ISO 27001 certified and SOC 2 compliant. It’s also why we use SHA-256. We want the authenticity of our records to be beyond question.
Want to learn more about hash values and the authentication of digital evidence? Download our reference guide, Authenticating Digital Evidence Under FRE 902(13) and (14): Using Digital Signatures (Hash Values) and Metadata to Create Self-Authenticating Digital Evidence.
Register : #sha256 #mining #bitcoin #profit
https://sha-256.io/?ref=rizkigbastian47@gmail.com