#sha1 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sha1, aggregated by home.social.
-
It has been clear since at least 2015 that #SHA1 is broken
Since 2022, #NIST has been saying not to use SHA1
Since 2025 it has been announced that #Debian will no longer accept SHA1 as of February 2026.
And now guess who is still using SHA1 on the deadline and whose software can therefore no longer be installed/updated.
- Microsoft #Azure
- #Ubiquity
- Parts of #NodeJS
So, the areas in which security obviously has no relevance whatsoever.
-
My #2026 resolution was field-testing sha256 git repos and I converted one of my minor projects, but since Github only supports sha1 I've moved the repository to codeberg:
https://codeberg.org/kpcyrd/ssh-keyonly
Everything else worked well. I'm also mirroring the repo to Arch Linux' Gitlab. Gitlab's UI didn't support creating sha256 repos, but this can be bypassed through the "import repository" feature.
I've used this guide, which was very helpful: https://cybrkyd.com/post/how-to-convert-a-sha1-git-repository-to-sha256/
-
#TechIsShitDispatch
It's been more than a year since #Debian #Linux deprecated the insecure #SHA1 hash algorithm in #APT repositories.
The #Keybase, #Slack, and #Dropbox repositories (I'm sure among others) are still using SHA1, and therefore for over a year they have not worked in Debian without changing the default APT policies to allow them.
I know Slack knows about this, because I told them. A year ago.
Why haven't they upgraded the security on their repository?
Seriously, wtf?
#infosec
-
20 years of #git... how crazy, and what an enormous piece of software.
Interesting article; I'll keep Linus Torvalds' line about using #SHA1 to verify the integrity of files in Git:
"But to me, SHA-1 hashes were never about the security. It was about finding corruption."
Cryptographic mechanisms are not always used to provide security, and algorithms that are insecure in some applications can be perfectly valid in others.
-
Interesting.
Collabora CODE server won't install on Alma Linux 9 ... beeecauuuse their Repo gpg key is using a SHA1 hash and Alma 9 says Nuh-Uh.
*Blink *Blink
Now I can set the policy to use SHA1 if I want to, aaaand I don't really want to.
They're going to make me run this in a docker, aren't they.
#CollaboraOfficeOnline #AlmaLinux9 #GPG #SHA1 #OMGWTF #SysAdmin
-
Anyone can Access Deleted and Private Repository Data on GitHub
Who'd have thought #git using #SHA1 and permitting short hashes for referencing would ever become a security weakness?
You can exploit it by brute forcing private or secret hashes on #GitHub.
Or without rate limits via big query, courtesy of gharchive.org.
Long story short, private GH repos might not be as concealed and deleting repos might not be as final as the terms suggest.
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
-
CyberChef from GCHQ: Cyber Swiss Army Knife
https://gchq.github.io/CyberChef/
#ycombinator #base64 #hex #decode #encode #encrypt #decrypt #compress #decompress #regex #regular_expressions #hash #crypt #hexadecimal #user_agent #url #certificate #x_509 #parser #JSON #gzip #md5 #sha1 #aes #des #blowfish #xor
-
CyberChef from GCHQ: The Cyber Swiss Army Knife
https://gchq.github.io/CyberChef/
#ycombinator #base64 #hex #decode #encode #encrypt #decrypt #compress #decompress #regex #regular_expressions #hash #crypt #hexadecimal #user_agent #url #certificate #x_509 #parser #JSON #gzip #md5 #sha1 #aes #des #blowfish #xor
-
A note regarding the use of #SHA1 in #SMIME in #Thunderbird. In short: You should no longer accept message signatures based on SHA1, and Thunderbird started rejecting them from version 115.0 by default, but as some environments apparently still depend on them, Thunderbird 115.4.1 and later offer a way to opt in and accept them anyway:
https://blog.thunderbird.net/2023/10/thunderbird-115-and-signatures-using-the-obsolete-sha-1-algorithm/
-
@nodejs Love your #nodejs binary packages. But it seems that they are still signed using SHA1. The latest #RHEL & @almalinux distros have deprecated #SHA1 in favour of #SHA256. Could you consider signing your packages with #SHA256? https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
-
Microsoft deprecates #tls 1.0 and 1.1 in major products including SQL Server.
My takeaway from the #sha1 deprecation was that we only see global change on rolled out #cryptography when the likes of #microsoft and #google turn a security #threat into an availability issue.
I predict we’ll see the same here.
https://www.theregister.com/2023/09/04/tls_windows_deprecation/
-
#Pagerduty also seems to provide only a #SHA1 key for their pdagent package, making it impossible to install securely on RHEL9, for example.
Did these companies learn nothing from the #SolarWinds case?
https://support.pagerduty.com/docs/pagerduty-agent-integration-guide
-
Great reading about SHA1 and its weaknesses
Credits Declain Thomas
-
@Perl Good news, the #Perl module IO::Socket::SSL now defaults to using the #TLS cryptographic protocol version 1.2 or greater. (Earlier versions have been widely deprecated for a couple of years due to weaknesses found in the #MD5 and #SHA1 hashing functions.)
Note that if you’ve updated #OpenSSL recently you may also have to rebuild and reinstall Net::SSLeay from #CPAN.
#infosec #security #cryptography #SSL https://g0v.social/@gugod/110392435778885615
-
Need a quick way to check a hash against a huge database?
I've written a small but flexible Go CLI tool to query the HashMob API.
It's actually pretty damn handy if I do say so myself.
If you find it useful, stars and boosts are much appreciated ❤️
https://github.com/n0kovo/gohashmob
(just starting to learn Go, don't judge my probably horrible code 🥹)
#hacking #infosec #tools #osint #passwordcracking #passwords #passwordsecurity #hashcracking #hashlookup #hashmob #md5 #sha1 #bcrypt #pentesting #bugbounty #redteam
-
Linux Beginners Guide: Checking File And Package Checksum Integrity
#Linux #Checksums #Integrity #FOSS #Debian #debsums #SHA1 #SHA256 #SHA512 #Cryptography #Hash #Howto #Tutorial #Shell #Bash
-
Researchers from Fraunhofer FKIE and RWTH Aachen scanned the Internet for controllers based on the OPC UA standard. 92% were insecurely configured.
Industrial plants with OPC UA systematically badly configured
-
In case you didn't get the memo: it's time to stop using SHA1.
"The new collision gives attackers more options and flexibility than were available with the previous technique. [...] [G]enerally, it produces the same hash for two or more attacker-chosen inputs by appending data to each of them. The attack unveiled on Tuesday also costs as little as $45,000 to carry out."
-
PGP keys, software security, and much more threatened by new SHA1 exploit
Three years ago, Ars declared the SHA1 cryptographic hash algori... more: https://arstechnica.com/?p=1639935 #chosen-prefixattack #cryptographichashes #digitalsignatures #biz&it #sha1