Google kills SHA-1 with successful collision attack

It’s official: The SHA-1 cryptographic algorithm has been “SHAttered.” Google successfully broke SHA-1. Now what?

After years of warning that advances in modern computing meant a successful collision attack against SHA-1 was imminent, a team of researchers from Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands have successfully developed the first successful SHA-1 collision. In practical terms, SHA-1 should not be relied upon for practical security.

Modern cryptographic hash functions depend on the fact that the algorithm generates a different cryptographic hash for every file. A hash collision refers to having two separate files with the same hash. The fact that cryptographic weaknesses in SHA-1 make certificates using the SHA-1 algorithm potentially vulnerable to collision attacks is well-known. The National Institute of Standards and Technology deprecated SHA-1 more than five years ago, and experts have been long urging organizations to switch to stronger hash algorithms. Up until now, the only thing going for SHA-1 was the fact that collision attacks were still expensive and theoretical.

To read this article in full or to leave a comment, please click here


Source: Infoworld.com | Security

Leave a Reply

Your email address will not be published. Required fields are marked *

*