by breadtk
3846 days ago
It isn't _completely_ broken. That is why FB is still advocating for a two-tiered approach (SHA2 when possible, SHA1 everywhere else). SHA1 hash collisions are indeed now within the range of well-funded governments, but it is not within the range of your average script kiddie to find possible collisions. To prove my point, I'd ask you to find an arbitrary Root CA cert which uses a SHA1 hash and attempt to clone it. I think you'll find that this still takes a considerable amount of effort and/or it is completely out of reach. I should be clear that SHA1 shouldn't be used for cryptographic purposes that require a high amount of trust, but for your average everyday FB status updates it is probably fine when coupled with other protections.