{"id":11199,"date":"2019-05-22T09:00:10","date_gmt":"2019-05-22T16:00:10","guid":{"rendered":"https:\/\/www.privateinternetaccess.com\/blog\/?p=11199"},"modified":"2019-08-15T11:06:30","modified_gmt":"2019-08-15T18:06:30","slug":"sha-1-has-one-foot-in-the-grave","status":"publish","type":"post","link":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/","title":{"rendered":"SHA-1 Has One Foot In the Grave"},"content":{"rendered":"<p>Last week, researchers <i>Ga\u00ebtan Leurent <\/i>and<i> Thomas Peyrin<\/i> <a href=\"https:\/\/eprint.iacr.org\/2019\/459\">released a paper<\/a> detailing improvements to the original <a href=\"https:\/\/shattered.io\/\">SHAttered project<\/a> that theoretically allow chosen-plaintext attacks against SHA-1.<\/p>\n<p>After the initial generation of a collision was demonstrated with SHAttered, there was a rapid response by major software vendors to take corrective action to deprecate or fully stop using SHA-1. This is because the SHAttered project did the required computation with an equivalent budget of around $100,000 for leased cloud-computing hardware, which places an exploit well within reach of a motivated attacker.<\/p>\n<p>But, as with all cryptography, attacks only improve over time, and algorithms get progressively weaker as they age and techniques against them are refined.<\/p>\n<h2>What\u2019s The Improvement With This New Attack?<\/h2>\n<p>This attack is a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Collision_attack#Chosen-prefix_collision_attack\">chosen-prefix attack<\/a>.<\/p>\n<p>The SHAttered project gave you no control over the colliding data, so you had to have a set of data, and then generate \u201cgarbled\u201d data to make the SHA-1 collision fit, so that your two differing documents would produce the same hash. This is an important distinction because in the SHAttered attack you couldn\u2019t meaningfully manipulate a file, and then make your collision fit. 
You could only add seemingly-random gibberish to make two files with the same core properties give you the same hash.<\/p>\n<p>The chosen-prefix attack is different, because it leads us down a road where forged documents and things like an entire rogue certificate system are possible. A fully-functional version of this type of attack was demonstrated in 2009 with a <a href=\"https:\/\/homepages.cwi.nl\/~stevens\/papers\/CR09-SSALMOdW.pdf\">dramatic improvement to chosen-prefix attacks for the MD5 hash algorithm<\/a>.<\/p>\n<h2>The Impact<\/h2>\n<p>The attack is more complex than the SHAttered attack, and requires greater computing power to find a working collision. While the cost of the attack is only an estimate, the methodology used to gauge the cost of finding a collision appears to be sound. While the SHAttered attack costs around $300,000 USD to perform (the SHAttered team got lucky and found theirs for less than expected), this attack is estimated to cost between $1.2 million and $7 million to generate a chosen-prefix collision. While this puts it squarely within the means of governments to exploit, it is expensive enough to be out of the reach of most adversaries.<\/p>\n<p>The cost, combined with the deprecation of the algorithm because of the SHAttered attack, gives us some reassurance. However, old software running at organizations that fail to upgrade their infrastructure for years may face threats from this type of attack. Old systems could contain vulnerable SSH, IKE, or even TLS client impersonation via the <a href=\"https:\/\/eprint.iacr.org\/2015\/967.pdf\">SLOTH attack<\/a>. And, as always, these attacks improve, and it is very likely that SHA-1 attacks will get cheaper as more improvements are found and computer hardware gets faster.<\/p>\n<h2>Mitigation<\/h2>\n<p>These attacks continue to improve, and the time to walk away from SHA-1 was two years ago. 
SHA-2 and SHA-3 are already standardized and, by design, theoretically much stronger. SHA-3 is particularly interesting because the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Sponge_function\">sponge-construction<\/a> is entirely new and has no relation at all to older SHA techniques.<\/p>\n<p>If you do switch over to SHA-2, it is important to note that SHA256 and SHA512 are vulnerable to <a href=\"https:\/\/en.wikipedia.org\/wiki\/Length_extension_attack\">length extension attacks<\/a> if they are not implemented properly, and it is safer to use SHA384 or the truncated versions of SHA2 (SHA512\/256 is not the same as SHA512 or SHA256). If given the choice between SHA3 and BLAKE2, they are both theorized to be at least as strong as SHA512\/256. SHA3 is slower but gives you standards compliance for things like FIPS. BLAKE2 is significantly faster and immune to length-extension attacks.<\/p>\n<p>The only case where SHA-1 is safe to be used is <a href=\"https:\/\/en.wikipedia.org\/wiki\/HMAC\">in HMAC<\/a>, where the hash function does not need to have the same properties to maintain secure operation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week, researchers Ga\u00ebtan Leurent and Thomas Peyrin released a paper detailing improvements to the original SHAttered project that theoretically allow chosen-plaintext attacks against SHA-1. 
After the initial generation of a collision was demonstrated with SHAttered, there was a rapid response by major software vendors to take corrective action to deprecate or fully stop using &hellip; <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;SHA-1 Has One Foot In the Grave&#8221;<\/span><\/a><\/p>\n","protected":false},"author":32,"featured_media":11201,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_stopmodifiedupdate":false,"_modified_date":"","footnotes":""},"categories":[12],"tags":[],"class_list":["post-11199","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"yoast_head_json":{"title":"SHA-1 Has One Foot In the Grave","description":"A new paper has been published demonstrating a chosen-prefix attack for SHA-1. This article discusses the serious impact and how to mitigate the threat!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/","og_locale":"en_US","og_type":"article","og_title":"SHA-1 Has One Foot In the Grave","og_description":"A new paper has been published demonstrating a chosen-prefix attack for SHA-1. 
This article discusses the serious impact and how to mitigate the threat!","og_url":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/","og_site_name":"PIA","article_publisher":"https:\/\/www.facebook.com\/privateinternetaccess\/","article_published_time":"2019-05-22T16:00:10+00:00","article_modified_time":"2019-08-15T18:06:30+00:00","og_image":[{"width":1650,"height":900,"url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/05\/sha1-preimage-attacks.png","type":"image\/png"}],"author":"Derek Zimmer","twitter_card":"summary_large_image","twitter_creator":"@http:\/\/www.twitter.com\/ostifofficial","twitter_site":"@buyvpnservice","twitter_misc":{"Written by":"Derek Zimmer","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/#article","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/"},"author":{"name":"Derek Zimmer","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/e9f24badc1559621e721d94ecb18d6e1"},"headline":"SHA-1 Has One Foot In the 
Grave","datePublished":"2019-05-22T16:00:10+00:00","dateModified":"2019-08-15T18:06:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/"},"wordCount":626,"commentCount":0,"publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/05\/sha1-preimage-attacks.png","articleSection":["Cybersecurity"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/","name":"SHA-1 Has One Foot In the Grave","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/#primaryimage"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/05\/sha1-preimage-attacks.png","datePublished":"2019-05-22T16:00:10+00:00","dateModified":"2019-08-15T18:06:30+00:00","description":"A new paper has been published demonstrating a chosen-prefix attack for SHA-1. 
This article discusses the serious impact and how to mitigate the threat!","breadcrumb":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/#primaryimage","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/05\/sha1-preimage-attacks.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/05\/sha1-preimage-attacks.png","width":1650,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/www.privateinternetaccess.com\/blog\/sha-1-has-one-foot-in-the-grave\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.privateinternetaccess.com\/blog\/"},{"@type":"ListItem","position":2,"name":"SHA-1 Has One Foot In the Grave"}]},{"@type":"WebSite","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website","url":"https:\/\/www.privateinternetaccess.com\/blog\/","name":"PIA","description":"Online privacy news from around the world.","publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization","name":"Private Internet 
Access","url":"https:\/\/www.privateinternetaccess.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","width":1200,"height":1200,"caption":"Private Internet Access"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/privateinternetaccess\/","https:\/\/x.com\/buyvpnservice","https:\/\/www.instagram.com\/piavpn\/","https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w"]},{"@type":"Person","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/e9f24badc1559621e721d94ecb18d6e1","name":"Derek Zimmer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/399c45f76a929cfe8ed46349f8166d975f7fa088108970562cf67fa46ab0176d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/399c45f76a929cfe8ed46349f8166d975f7fa088108970562cf67fa46ab0176d?s=96&d=mm&r=g","caption":"Derek Zimmer"},"description":"Derek is a cryptographer, security expert and privacy activist. He has twelve years of security experience and six years of experience designing and implementing privacy systems. 
He founded the Open Source Technology Improvement Fund (OSTIF) which focuses on creating and improving open-source security solutions through auditing, bug bounties, and resource gathering and management.","sameAs":["https:\/\/ostif.org\/","https:\/\/www.linkedin.com\/in\/derek-zimmer-2164a441\/","https:\/\/x.com\/http:\/\/www.twitter.com\/ostifofficial"],"url":"https:\/\/www.privateinternetaccess.com\/blog\/author\/derek-zimmer\/"}]}},"_links":{"self":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/11199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/comments?post=11199"}],"version-history":[{"count":1,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/11199\/revisions"}],"predecessor-version":[{"id":11200,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/11199\/revisions\/11200"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media\/11201"}],"wp:attachment":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media?parent=11199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/categories?post=11199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/tags?post=11199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}