The SHA-1 (Secure Hash Algorithm 1) cryptographic hash function is used to generate hashes for verifying the authenticity of digital content. Despite a decade of warnings about the lack of security and the availability of better and stronger alternatives, SHA-1 remains a widely used hash function - apparently, no longer.
Researchers announce “first practical” SHA-1 collision attack
The SHA-1 hashing function was designed by the National Security Agency (NSA) and its algorithm was first published in 1995. Cryptoanalysts first found theoretical flaws in the algorithm in 2005 that could be used to break SHA-1 via collision attacks. The function was then officially deprecated in 2011 due to security weaknesses demonstrated in various analyses and theoretical attacks. However, it remains widely used despite repeated warnings.
Security researchers at the CWI institute in Amsterdam working with Google Research have now made sure that the hashing function will finally (and hopefully) die. The team wrote a paper demonstrating they have found a faster way to compromise the SHA-1 algorithm. The research team called it "the first practical technique for generating a collision."
What's a collision attack
Collision attacks are used to describe when an attacker generates a file that has the same SHA-1 hash of another, legitimate file. This means two different files or messages produce the same cryptographic hash, allowing an attacker to deceive a system into accepting a malicious file in place of the legitimate file without raising any suspicion.
"Our work shows that it is now practical to find collisions for SHA-1 and that thus it is not secure to use for digital signatures, file integrity, and file identification purposes," Marc Stevens, the lead security researcher said. "Everyone should migrate to safe standards before real-world attacks happen, not after. Note that attacks can only get better and faster, computational power only becomes cheaper, and attackers have the uncanny ability to be more creative in exploiting vulnerabilities than common expectations."
No need to panic
While Google made major waves in the cryptography world by breaking one of the major algorithms used in web encryption today, the attack requires immense computational power. "This attack required over 9,223,372,036,854,775,808 SHA-1 computations," the research team said. "This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations."
Another reason you shouldn't panic is because certificates to HTTPS-protected websites aren't affected. As reported earlier in January, certificate authorities are no longer allowed to rely on SHA-1 to sign TLS certificates. This means your browser will show you that scary red warning sign if you visit a website that is still using SHA-1.
Since Google isn't the only one with enough computing power, it should be said out loud that it is unlikely that the company is the first one to crack SHA-1, considering the computing power government agencies have access to. Google is hoping that their making the process public (in 90 days) will prompt the industry to move to safer options.
"We hope that our practical attack against SHA-1 will finally convince the industry that it is urgent to move to safer alternatives such as SHA-256," researchers wrote. "It’s more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3."
After 90 days, Google will disclose exactly how they broke one of the most widely used hashing functions. Once it is out in the wild, anyone with enough computing power will be able to break it, essentially making the algorithm insecure - and obsolete.
More details on this can be found here.
