Just last week, Google researchers announced that they have managed to render one of the internet security standards obsolete. While this is not unexpected, the fact that the first encryption scheme is breakable, sends a clear signal that researchers need to ensure continuing development. Google reported on February 23rd that the encryption method known as SHA-1 was breached. This means that a document or file encrypted with SHA-1 can no longer 100% be trusted to be authentic. SHA, or Secure Hash Algorithm, is a method developed by the United States Institute of Standards and Technology for encrypting a file before sending. The file can be reliably known to have no alterations when being received. The standard was developed in 1993, and has since seen multiple revisions. Currently, a variant on SHA-2 is being used, known as SHA-256.
Since all e-commerce depnds on the ability for party A to “trust” the transmission sent by or to party B, secure encryption is an absolute must. While the hash collision is news, SHA-1 has been surpassed for several years by newer encryption algorithms. Most e-commerce sites use more secure methods such as SHA-256. The interesting thing about this discovery is that we are on the road to even SHA-256 being compromised in the future.