This manufacturer of heavy equipment uses encryption for exchanging sensitive data with its partners as well as within the company, reports a pilot fish on the scene — and everything is built on the SHA-1 algorithm.

Which eventually turns out to be a problem, because the 20-year-old algorithm is no longer considered secure. “At a meeting with a vendor, we started to talk about SHA-1 and using it,” fish says. “The vendor rep was quiet for a moment, then said they were using SHA-2, and listed the reasons.

“Our team said we were using SHA-1 and needed to use it due to a timing issue. The vendor rep said they don’t revert back to a less secure option, especially for encryption.”

Source: COMPUTER WORLD