{"id":513635,"date":"2022-12-16T06:40:37","date_gmt":"2022-12-16T08:40:37","guid":{"rendered":"https:\/\/teknomers.com\/fr\/au-revoir-sha-1-le-nist-retire-un-algorithme-cryptographique-largement-utilise-depuis-27-ans\/"},"modified":"2022-12-16T06:40:38","modified_gmt":"2022-12-16T08:40:38","slug":"au-revoir-sha-1-le-nist-retire-un-algorithme-cryptographique-largement-utilise-depuis-27-ans","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/au-revoir-sha-1-le-nist-retire-un-algorithme-cryptographique-largement-utilise-depuis-27-ans\/","title":{"rendered":"Au revoir SHA-1 : le NIST retire un algorithme cryptographique largement utilis\u00e9 depuis 27 ans"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">16 d\u00e9cembre 2022<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Cryptage \/ S\u00e9curit\u00e9 des donn\u00e9es<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Le National Institute of Standards and Technology (NIST) des \u00c9tats-Unis, une agence du minist\u00e8re du Commerce, <a rel=\"nofollow noopener\" href=\"https:\/\/www.nist.gov\/news-events\/news\/2022\/12\/nist-retires-sha-1-cryptographic-algorithm\" target=\"_blank\">annonc\u00e9<\/a> jeudi qu&#8217;il retire officiellement l&#8217;algorithme cryptographique SHA-1.<\/p>\n<p><a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/SHA-1\" target=\"_blank\">SHA-1<\/a>abr\u00e9viation de Secure Hash Algorithm 1, a 27 ans <a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Hash_function\" target=\"_blank\">fonction de hachage<\/a> utilis\u00e9 en cryptographie et a depuis \u00e9t\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/www.schneier.com\/blog\/archives\/2005\/02\/cryptanalysis_o.html\" target=\"_blank\">jug\u00e9<\/a> <a rel=\"nofollow noopener\" href=\"https:\/\/csrc.nist.gov\/news\/2006\/nist-comments-on-cryptanalytic-attacks-on-sha-1\" target=\"_blank\">cass\u00e9<\/a> en raison du risque de <a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Collision_attack\" target=\"_blank\">attaques par collision<\/a>.<\/p>\n<p>Alors que les hachages sont con\u00e7us pour \u00eatre irr\u00e9versibles &#8211; ce qui signifie qu&#8217;il devrait \u00eatre impossible de reconstruire le message d&#8217;origine \u00e0 partir du texte chiffr\u00e9 de longueur fixe &#8211; le manque de r\u00e9sistance aux collisions dans SHA-1 a permis de g\u00e9n\u00e9rer la m\u00eame valeur de hachage pour deux entr\u00e9es diff\u00e9rentes.<\/p>\n<div class=\"ad_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/uptycs-inside\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/12\/1670949871_285_De-graves-attaques-auraient-pu-etre-mises-en-scene-via.png\" width=\"728\" height=\"90\"\/><\/a><\/center><\/div>\n<p>En f\u00e9vrier 2017, un groupe de chercheurs du CWI Amsterdam et de Google <a rel=\"nofollow noopener\" href=\"https:\/\/security.googleblog.com\/2017\/02\/announcing-first-sha1-collision.html\" target=\"_blank\">divulgu\u00e9<\/a> la premi\u00e8re technique pratique pour cr\u00e9er des collisions sur SHA-1, sapant efficacement la s\u00e9curit\u00e9 de l&#8217;algorithme.<\/p>\n<p>&#8220;Par exemple, en cr\u00e9ant les deux fichiers PDF en collision sous la forme de deux contrats de location avec des loyers diff\u00e9rents, il est possible de tromper quelqu&#8217;un pour qu&#8217;il cr\u00e9e une signature valide pour un contrat \u00e0 loyer \u00e9lev\u00e9 en lui faisant signer un contrat \u00e0 loyer modique&#8221;, a d\u00e9clar\u00e9 le des chercheurs <a rel=\"nofollow noopener\" href=\"https:\/\/shattered.it\/\" target=\"_blank\">a dit<\/a> \u00e0 l&#8217;\u00e9poque.<\/p>\n<p>Les attaques cryptanalytiques sur SHA-1 <a rel=\"nofollow noopener\" href=\"https:\/\/csrc.nist.gov\/Projects\/Hash-Functions\/NIST-Policy-on-Hash-Functions\" target=\"_blank\">invit\u00e9<\/a> Le NIST en 2015 a demand\u00e9 aux agences f\u00e9d\u00e9rales am\u00e9ricaines de cesser d&#8217;utiliser l&#8217;algorithme pour g\u00e9n\u00e9rer des signatures num\u00e9riques, des horodatages et d&#8217;autres applications n\u00e9cessitant une r\u00e9sistance aux collisions.<\/p>\n<p>Selon le programme de validation des algorithmes cryptographiques du NIST (<a rel=\"nofollow noopener\" href=\"https:\/\/csrc.nist.gov\/projects\/cryptographic-algorithm-validation-program\" target=\"_blank\">CAVP<\/a>), qui organise une liste d&#8217;algorithmes cryptographiques approuv\u00e9s, il existe <a rel=\"nofollow noopener\" href=\"https:\/\/csrc.nist.gov\/projects\/cryptographic-algorithm-validation-program\/validation-search?searchMode=validation&amp;productType=-1&amp;algorithm=129&amp;dateFrom=01%2F01%2F2018&amp;ipp=100\" target=\"_blank\">2 272 biblioth\u00e8ques<\/a> accr\u00e9dit\u00e9s depuis janvier 2018 et qui prennent toujours en charge SHA-1.<\/p>\n<p>En plus d&#8217;exhorter les utilisateurs \u00e0 s&#8217;appuyer sur l&#8217;algorithme pour migrer vers SHA-2 ou SHA-3 pour s\u00e9curiser les informations \u00e9lectroniques, le NIST recommande \u00e9galement que SHA-1 soit enti\u00e8rement supprim\u00e9 d&#8217;ici le 31 d\u00e9cembre 2030.<\/p>\n<p>&#8220;Les modules qui utilisent encore SHA-1 apr\u00e8s 2030 ne seront pas <a rel=\"nofollow noopener\" href=\"https:\/\/csrc.nist.gov\/projects\/cryptographic-module-validation-program\" target=\"_blank\">autoris\u00e9 \u00e0 l&#8217;achat<\/a> par le gouvernement f\u00e9d\u00e9ral &#8220;, a d\u00e9clar\u00e9 Chris Celi, informaticien du NIST. &#8220;Les entreprises ont huit ans pour soumettre des modules mis \u00e0 jour qui n&#8217;utilisent plus SHA-1.&#8221;<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/12\/goodbye-sha-1-nist-retires-27-year-old.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80216 d\u00e9cembre 2022\ue804Ravie LakshmananCryptage \/ S\u00e9curit\u00e9 des donn\u00e9es Le National Institute of Standards and Technology (NIST) des \u00c9tats-Unis, une agence du minist\u00e8re du Commerce, annonc\u00e9 jeudi qu&#8217;il retire officiellement l&#8217;algorithme cryptographique SHA-1. SHA-1abr\u00e9viation de Secure Hash Algorithm 1, a 27 ans fonction de hachage utilis\u00e9 en cryptographie et a depuis \u00e9t\u00e9 jug\u00e9 cass\u00e9 en raison [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":513636,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[9049,277,4168,30750,4158,4165,4161,377,4157,4159,4171,4170,2744,4167,4160,60788,4163,4162,1637,3650,4172,4169,132497,1282,4166,4164],"class_list":["post-513635","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-algorithme","tag-ans","tag-comment-pirater","tag-cryptographique","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-depuis","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-largement","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nist","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-retire","tag-revoir","tag-securite-informatique","tag-securite-internet","tag-sha1","tag-utilise","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/513635","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=513635"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/513635\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/513636"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=513635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=513635"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=513635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}