It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Google - Announcing the first SHA1 collision

page: 2
7
<< 1   >>

log in

join
share:

posted on Feb, 28 2017 @ 09:28 AM
link   
a reply to: Aazadan

Check this hardware

QUANTIS QRNG - delivering true randomness with quantum random number generation



posted on Feb, 28 2017 @ 09:42 AM
link   

originally posted by: Aazadan
I think what they used in the past was measuring radioactive decay.


That's one way.

Others include generating random noise from diode junctions, or using atmospheric noise.



posted on Feb, 28 2017 @ 09:43 AM
link   

originally posted by: roadgravel
a reply to: Aazadan

Check this hardware

QUANTIS QRNG - delivering true randomness with quantum random number generation


Interesting, but it still doesn't fully solve the problem. Even if you can generate truly random sequences of bits, you still have the issue of transferring that decryption key. Any system that allows you to transfer it securely, is also going to be sufficient to simply transfer the message.



posted on Feb, 28 2017 @ 10:35 AM
link   
a reply to: Aazadan

Sure, key security is big. But we are seeing growth toward solutions.

edit on 2/28/2017 by roadgravel because: (no reason given)



posted on Feb, 28 2017 @ 03:32 PM
link   
a reply to: Bedlam

SHA2 is very similar to SHA1 from what I have read and the recommendation now is to use SHA3. I stopped using SHA256 early in 2016. There are also problems with obsolete ciphers and protocols being used when it comes to web servers.

I used Qualy's SSL labs to check my web server and I scored A+ (hours of reading). For comparison I tested Go Daddy's site today which scored a C. Protocols SSLv2, SSLv3 and TLSv1.0 have been hacked and are considered unsafe. Go Daddy uses TLSv1.0. They also use RC4 which is considered broken and unsafe to use along with other unsafe cipher suites. I removed RC4 2 years ago. Go Daddy does not have perfect forward secrecy either.

Go Daddy Assessment

I am self-taught with no IT qualifications. If I can score A+ surely big companies who employ IT staff should score this as well. I find it puzzling.

For anyone that is interested I use a Firefox add-on called 'SSleuth' which lets me see at a glance how secure website encryption is.

This is the SSLeuth readout from the Disqus hompage.





edit on 28-2-2017 by Morrad because: (no reason given)



posted on Feb, 28 2017 @ 11:31 PM
link   

originally posted by: Morrad
a reply to: Bedlam

SHA2 is very similar to SHA1 from what I have read and the recommendation now is to use SHA3. I stopped using SHA256 early in 2016.



They're in the same spec, and they're similar, but not the same. SHA256's transform is significantly more complex.




 
7
<< 1   >>

log in

join