SHA-3 – The new hash standard

Die Hard


You are unlikely to encounter security problems with SHA-1 today, but the experience with MD5 teaches us that migration from vulnerable algorithms can take a long time. Despite the fact that security issues had been known since 1996, it was not until the Flame virus successfully attacked the MD5 signatures of the Windows Update Service in 2012 – 16 years later – that many authorities began to address the problem.

Initial collisions are likely to be reported for SHA-1 in the next few years. However, the type of collision is important for the success of an attack: The problems with MD5 did not become relevant until attackers succeeded in creating meaningful data, such as certificates, with a collision. But, it did not take long for the problems with MD5 to become evident, and the attacks soon became more serious.


  1. SHA-3 competition by NIST:
  2. Keccak algorithm:
  3. All proposals in the SHA-3 competition:
  4. Bruce Schneier's blog entry:
  5. Talk at 25C3 about spoofed MD5 signatures:
  6. Analysis of the MD5 collision in the Flame virus:

The Author

Hanno Böck is a freelance journalist and volunteer developer with Gentoo Linux. He also works for web hosters, who rely entirely on free software for their service offerings.

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=