In February 2017, Google and CWI announced they had broken SHA-1 encryption. This isn't a surprise: The encryption, used for things like digital signatures, had been susceptible to collisions for years. Companies began slowly phasing out SHA-1 after warning signs of its vulnerability started appearing around 2005.
However, now that SHA-1 is officially broken, what will encryption and cybersecurity experts focus on next? Below, members of the Forbes Technology Council talk about their predictions:
1. Quantum-Secure Cryptography
The writing was on the wall for quite some time with SHA-1. Before it was publicly broken, a recommendation to use stronger encryption was clear in the community. Today, we hear talk of security in a post-quantum world with the NSA citing a need for quantum-secure cryptography. Researchers will likely hasten their efforts toward practical implementations of post-quantum encryption. - Bojan Simic, HYPR Corp.
2. SHA-2
While it is surprising that SHA-1 has been compromised, most newer products have already started building on SHA-2. Many companies and technologies started the migration process a couple of years ago, deprecating the use of SHA-1 in new systems. The arms race will continue, but encryption tech is still safely ahead of hackers. - Charlie Youakim, Sezzle
3. Blockchain
Blockchain may be able to deliver a higher level of encryption, so more research will go into how this technology can be applied to provide a more secure environment. - Chalmers Brown, Due
4. Machine Learning
SHA-1 is a hash algorithm, not an encryption algorithm. It was unbroken in 1995 when it was published -- when the computation power was much lower than today. Cybersecurity experts will definitely move to SHA-2. With the rapid development in machine learning, it might be faster than what we can imagine for experts to break SHA-2. However, machine learning may also help in defining new algorithms. - Rong Xu, Memberson Pte. Ltd.
5. Threat Detection
The growing use of encryption and the emergence of TLS 1.3 means a focus on compensating for the degradation of DPI-based security solutions, such as WAF and IDS/IPS. An inability to analyze payloads at the perimeter means attacks can hit endpoints behind a firewall. Therefore, employing modern threat detection solutions behind a firewall needs to be a high priority. - Bryan Doerr, Observable Networks
6. SHA-3 And Beyond
SHA-1 is a cryptographic hash function. One key property of such functions is to make them infeasible to create collisions. Researchers can perform 9 quintillion computations (which would take thousands of years for one CPU) to create a collision. Things with long lifetimes like digital signatures no longer use SHA-1. SHA-2 is used today, and SHA-3 will eventually be on the horizon. - Satyam Tyagi, Certes Networks
7. Encryption Rounds
As computer power increases with theoretically infinite distributed cloud computing, any encryption technique can be targeted. To continue to outpace research done in cracking encryption, expect future encryption techniques to include a much higher number of encryption rounds coupled with a significant increase in minimum effective key size. - Tyler Shields, Signal Sciences