Filter by Category

Still using SHA-1 to secure file transfers? It’s time to say goodbye.

Sha-1 Shattered

Securing information is rising in importance for organizations worldwide. Using outdated technology is extremely risky, yet many organizations continue to do so because of legacy systems that don’t allow them to upgrade, lack of resources and time to upgrade, or they are simply unaware. The commonly used SHA-1 algorithm is a perfect example of an obsolete encryption standard that should have been completely phased out long ago. So why are people talking about it today?

With over a decade of warnings about the security vulnerabilities of SHA-1, and deprecation by The National Institute of Standards and Technology (NIST) in 2011, many organizations have since phased out use of this older hash algorithm. For those remaining organizations who haven’t migrated away from SHA-1, Google’s recent public announcement of the first SHA-1 collision should motivate them to abandon this algorithm completely.

Hash algorithms are widely used for a variety of functions including authentication and digital signatures. With file transfers, the algorithm was typically utilized to verify the integrity of sent messages. Using SHA-1, files are compressed into a 160-bit message digest or hash file which is calculated both before and after transmission. On receipt, the two hash values (or signatures) for that transmission are checked to ensure the data has remained intact, as long as both values still match. If the hash values don’t match, the file was likely compromised at some point along the way.

Having two different messages that produce the same hash value should be almost impossible. However, advancements in technology and computational power since the introduction of SHA-1 have exposed its vulnerabilities. With last week’s announcement, Google has proven that systems using SHA-1 can be fooled into thinking a signature is valid when it’s not by producing the same cryptographic hash with two different files. By publicizing their work, this legacy algorithm has been rendered obsolete and insecure.

How does the SHA-1 collision affect file transfers?

If you are still using SHA-1 to verify the integrity of file transfers, you should know that it is no longer considered a safe or secure method. Bottom line, if you still use SHA-1, it should be transitioned to a more secure standard as soon as possible.

If you’re looking to replace SHA-1, an obvious alternative would be SHA-2. The SHA-2 algorithm is a family of hash functions with values of 224, 256, 384 or 512 bits, thus providing stronger security with longer message digests. The more complex algorithms generate more potential hash combinations than were possible with SHA-1 which make the SHA-2 algorithm extremely difficult to break using today’s technology.

GoAnywhere Managed File Transfer and SHA-2

GoAnywhere MFT fully supports the SHA-2 algorithm for secure file transfers over SFTP and FTPS. In addition, GoAnywhere is Drummond Certified for AS2 file transfers and successfully met all requirements for the optional AS2 secure hashing algorithm 2 (SHA-2) tests.


Add a Comment

Allowed tags: <b><i><br>

Latest Posts

What’s the Difference Between GoAnywhere 6.0 and 6.1?

May 20, 2019

We’re excited to share that GoAnywhere 6.1 is now available for download! The newest version of our managed file transfer solution includes over 30 new features, such as X12 data…

How to Encrypt Files in Linux

May 16, 2019

If your organization uses Linux operating systems to run key business processes, it’s important to implement tried-and-tested Linux security practices that support critical files as they…

Everything You Need to Know about FTP Automation Software

May 9, 2019

So, you want to automate your FTP file transfers. Whether you send a dozen file transfers a week, hundreds a day, or even more, automation is a smart step for most businesses. The benefits are…

How to Prevent Data Breaches with MFT | Checklist and Plan

May 2, 2019

You know what a data breach looks like in the movies. A character’s computer is suddenly overtaken by lines of green code. Windows and browsers pop up at lightening speed, as if the PC itself…

The Pros and Cons of Open Source Managed File Transfer Software

April 24, 2019

There comes a day for many companies when it’s time to implement a managed file transfer (MFT) solution. Perhaps there are new compliance requirements to meet, new relationships with third…