Cryptographic hash functions like SHA-1 are a cryptographer’s Swiss
army knife. You’ll find that hashes play a role in browser security,
managing code repositories, or even just detecting duplicate files in
storage.

Hash functions compress large amounts of data into a small message
digest. As a cryptographic requirement for widespread use, finding two
messages that lead to the same digest should be computationally
infeasible. Over time, however, this requirement can fail due to
attacks on the mathematical underpinnings of hash functions or to
increases in computational power.

Today, more than 20 years after SHA-1 was first introduced, we are
announcing the first practical technique for generating a collision.
For the tech community, our findings emphasize the necessity of
sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1
for many years, particularly when it comes to signing TLS certificates.

What is a cryptographic hash collision?

A collision occurs when two distinct pieces of data—a document, a
binary, or a website’s certificate—hash to the same digest as shown
above. In practice, collisions should never occur for secure hash
functions. However, if the hash algorithm has some flaws, as SHA-1
does, a well-funded attacker can craft a collision.

The attacker could then use this collision to deceive systems that rely
on hashes into accepting a malicious file in place of its benign
counterpart. For example, the two files could be insurance contracts
with drastically different terms.

Moving forward, it’s more urgent than ever for security practitioners
to migrate to safer cryptographic hashes such as SHA-256 and SHA-3.

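
An added example (not part of the original post) of the failure mode described above and of why pinning files with SHA-256 closes it. Because a real SHA-1 collision is expensive to compute, it assumes a stand-in weak hash, SHA-1 truncated to 24 bits; all function names and sample messages are constructed for illustration.

```python
import hashlib
from itertools import count

WEAK_BITS = 24  # assumption: keep only 24 bits of SHA-1 so a collision is cheap


def weak_digest(data: bytes) -> str:
    """Stand-in for a broken hash: SHA-1 truncated to WEAK_BITS bits."""
    return hashlib.sha1(data).hexdigest()[: WEAK_BITS // 4]


def strong_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_collision(prefix: bytes = b"contract-v"):
    """Birthday search: return two distinct messages with equal weak_digest."""
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()  # constructed sample messages
        d = weak_digest(msg)
        if d in seen:
            return seen[d], msg
        seen[d] = msg


def verify(data: bytes, pinned: str, digest=strong_digest) -> bool:
    """Accept data only if its digest equals the pinned value."""
    return digest(data) == pinned


def audit(files: dict, digest=weak_digest) -> list:
    """Defender check: list groups of file names that share a weak digest
    but differ under SHA-256, i.e. colliding content rather than duplicates."""
    groups = {}
    for name, data in files.items():
        groups.setdefault(digest(data), {})[name] = strong_digest(data)
    return [sorted(g) for g in groups.values() if len(set(g.values())) > 1]


if __name__ == "__main__":
    benign, substitute = find_collision()
    print("weak pin accepts substitute:",
          verify(substitute, weak_digest(benign), digest=weak_digest))
    print("SHA-256 pin accepts substitute:",
          verify(substitute, strong_digest(benign)))
    print("audit:", audit({"signed.txt": benign, "received.txt": substitute}))
```
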
To prevent this attack from being actively used, we’ve added
protections for Gmail and G Suite users that detect our PDF collision
technique. Furthermore, we are providing a free detection system to the
public.