An essential communications security standard has been broken by a small team of Chinese researchers.
The standard, SHA-1, is critical to secure communications online. It is used to create digital certificates and is crucial to the technical underpinning of Secure Sockets Layer technology - used to protect credit card numbers online, for example.
While experts don't describe the vulnerability as terminal at this point, the news does mean next-generation products will need to move to new algorithms, according to EE Times.
The Secure Hash Algorithm was originally developed by the National Security Agency for use with the National Institute of Standards and Technology's Digital Signature Standard (DSS).
For a given file, SHA-1 produces a 160-bit output known as a message digest. This is deliberately designed to be near-impossible to crack - or so it was thought.
News of the vulnerability was included within a draft technical paper from China's Shandong University research team: Xiaoyun Wang, Lisa Yiqun Yin, and Hongbo Yu. It was confirmed at the RSA Conference on February 15.
The researchers involved have good reputations, leading MIT professor Ronald Rivest to say: "I have strong reasons to believe the results of the paper are correct."
"Digital signatures have become less secure. This is another reminder that conservatism is needed in the choice of an algorithm," he said.