A hash is a string of characters produced when a one-way encryption algorthim processes a message. This process enables a browser or program API to ensure that a message has not been tampered with.
It is meant to be impossible to find two messages that produce the same hash however in reality there are always are, and when this happens it is referred to as a "hash-collision".
An attacker can only find a collision by taking the hash of an existing message then hashing millions of other messages until one produces the same string. The problem for legitimate users is that once rainbow-tables containing multiple hashes start to appear, an attacker then only needs a relatively low powered computer to do a search of the tables.
What does this mean to you?
In simple terms you need to make an inventory of all your existing certificates and then determine when they are due for renewal, and how they were signed. You can then either gradually replace them now with certificates signed with SHA2 or buy new certificates when they expire. Great care and a lot of testing is required because some older browsers will not be able to process the new certificates and the users of your website will start to messages like this:
If you are using certificates on your AIX system you can use SystemScan to help you to find and document them.
No comments:
Post a Comment