Collision Attack: Widely Used SHA-1 Hash Algorithm Needs to Die Immediately.

SHA-1 – one of the Internet's widely adopted cryptographic hash function – is Just about to Die.

Yes, the cost and time required to break the SHA1 algorithm have fallen much faster than previously expected.

According to a team of researchers, SHA-1 is so weak that it may be broken and compromised by hackers in the next three months.

The SHA-1 algorithm was designed in 1995 by the National Security Agency (NSA) as a part of the Digital Signature Algorithm. Like other hash functions, SHA-1 converts any input message to a long string of numbers and letters that serve as a cryptographic fingerprint for that message.

Like fingerprints, the resulting hashes are useful as long as they are unique. If two different message inputs generate the same hash (also known as a collision), it can open doors for real-world hackers to break into the security of banking transactions, software downloads, or any website communication.

Collision Attacks on SHA-1

Researchers from the Centrum Wiskunde & Informatica in the Netherlands, Inria in France, and Nanyang Technological University in Singapore have published a paper that showed that SHA-1 is vulnerable to the same collision attacks, which they dubbed – Freestart Collision.

Collision attacks appear when the same hash value (fingerprint) is produced for two different messages, which then can be exploited to forge digital signatures, allowing attackers to break communications encoded with SHA-1.

Breaking SHA1 Now Costs between $75,000 and $120,000

Back in 2012, the well-known security researcher, Bruce Schneier estimated that it would cost $700,000 to carry out a collision attack on SHA1 by 2015 and just $173,000 by 2018.

However, based on new research, such attacks could be performed this year for $75,000 to $120,000 – thanks to a new graphics-card technique known as "boomeranging" that finds SHA1 collisions.

"Our new GPU-based projections are now more accurate, and they are significant below Schneier’s estimations," the research paper reads. "More worrying, they are theoretically already within Schneier estimated resources of criminal syndicates as of today, almost 2 years earlier than previously expected and 1 year before SHA-1 being marked as unsafe."

Move to SHA-2 or SHA-3 Before it Gets TOO Late

The published findings are theoretical and will not cause any immediate danger, but we strongly encourage administrators to migrate from SHA-1 to the secure SHA-2 or SHA-3 hash algorithms as soon as possible.

Administrators should consider the impact SHA-1 would have to their organization and plan for:

·         Hardware compatible with SHA-2/SHA-3

·         Server software updates supporting SHA-2/SHA-3

·         Client software support for SHA-2/SHA-3

·         Custom application code support for SHA-2/SHA-3

SHA-2 is developed by the NSA, whereas SHA-3 is developed by a group of independent researchers.

Reference:  http://thehackernews.com/

There is noting messy in fb.com/supportdigitalindia

hello,
         Here is a great news over india that facebook using the fb.com/supportdigitalindia for internet.org and the news or the websites are just giving the prof a pic which have a <Div> with the class name "internetorg profilepic"

Which is not truth ...

Actually They are changing the source code by editing class name.

when i heard i also got shocked that what happening here ... so i visited the page and inspected the source code. here is nothing like that what humorous telling to us u can view the image of source code i have inspected.

See the blue line and compare both images .. you will come to know what is the truth 

i will also give you some link directions snapshot soon ... i am working on it . 

Thank YOU :

please share if agree :)

A Homemade Device That Can Steal Keys and Hack Data From Your PC: PITA

When someone talks about stealing some data from a PC, what is the suspected source according to you? You may end up guessing Ethernet, WiFi, or Bluetooth.But once in a while, the truth could be something totally different.

The researchers at Tel Aviv University and the Technion of Iran has made a device that could be easily made at home and it captured the stray radio waves emitted by your computer’s processor.

This round device has been dubbed PITA by its creators and it works within the two feet distance. This costs less than $300 using the easily available components and the PITA is small enough to fit inside a piece of pita bread. Actually, PITA is an abbreviation of Portable Instrument for Trace Acquisition.
The information fetched from the open air could be stored locally on an SD card that is housed on the device, or it could be transmitted to the spy with the help of WiFi. So, you can capture the electromagnetic waves and use them to decrypt the EIGamal and RSA data from up to 19 inches away.

The PITA is built using simple components like a WiFi antenna, SDR receiver, capacitors to tune the antenna, a loop antenna and is run using 4-AA batteries.
During the research, the researchers focused their attention on GnuPG (or GPG) – a software implementation by the GNU Project and is widely used. It secures sensitive stuff like BitCoin wallets, emails and conversations. Well, the people at GNU have already issued an update against this particular attack.
However, this technique could also be used against RSA and other forms of encryption and the PITA team is working to expand the range of the device.
Did you like this story about the processor hacking gadget PITA? Do tell us in comments below.

Increasing Reliance netconnect+ and Reliance 3 speed

Hello,

Here is how you can Increase speed of Reliance 3 datacard -

Plugin your data card, launch application, go to settings, click on edit.

Click on advanced and put DNS server IPs. I found Verizon 4.2.2.2 //4.2.2.1 and Open DNS  208.67.222.222 // 208.67.220.220 work best for me. You can also try Google DNS 8.8.8.8 // 8.8.4.4 . Experiment and pick your choice.

Once done, click OK, save it and connect. you will get improved speeds..The whole process makes me wonder why Reliance’s default DNS is so slow . Do they even use their datacards at their home .

           

                                                                   Thank YOU :)

The fake security Awareness over India

Hello,

         This is Abhishek Mani Tiwari, here to introduced you to a biggest problem in Digital India program started by Indian Government and also the problem of todays IT industries in India.

         As we all know, India is growing in IT field day by day and it has acquired remarkable place in the world.IT industry has changed the image of India in the global arena. The new Era here growing is "Information security and Ethical Hacking". Today lots  of Institutes and Universities have stared a number of courses belonging to this revolution and are training IT security Experts Every day.

         The biggest problem or we can call it as a Bug in IT awareness programs is the contents they are providing in the there workshops or in practical session. Mostly the contents are outdated or they have already been patched. Also they do not provide the basic knowledge about the cause of existing problems and solutions to overcome them. After few Months of their course Participants get the certificate of "Ethical hacker" or "IT Security Expert" without being actually awared about current scenario.

         As a result of which when they face the actual existing problem in their job they are unable to tackle them due to lack of accurate knowledge.Since they had not been awared with "root of arising" of these problems.

         Making people, Developers or IT experts aware about  hacking or security in this way has brought us to a path which is leading our IT industries to vulnerabilility.

         This is a biggest problem needing our attention  to make our self and our county secure in real sense and  to move Digital India to the next step so that Indian Government's Project may become successful .We need to move our awareness program to right way to provide a genuine knowledge to our IT Industries.
          
          So,I would like to conclude with "If we really want to uproot any problem,we must know the root".
    
                                      Thank You :)