
First SHA-1 Collision Produced by Google

Category: Science & Technology
Posted: 12:52PM
Author:

There are many systems out there used to secure digital systems and content, and one of them has just been dealt a significant blow. Google has produced the first collision for the cryptographic hash function SHA-1, effectively confirming it is no longer secure. Luckily there are better versions of the function out there already (SHA-256 and SHA-3, for example), but now it seems even more important for security professionals to move away from the 20-year-old standard.

Cryptographic hashes are an important part of securing data on the Internet, as the algorithms produce what should be unique message digests. If you want to check the authenticity of a file you download, and the source provides the digest, you can compare what the source provided against the digest your computer computes from what you downloaded. If they match, you know you got what you wanted and that it was not compromised by some third party. What Google has done is produce the first collision for Secure Hash Algorithm 1, which means it has generated two files, in this case two PDFs, that have different content but the same SHA-1 message digest. Google started from a paper published in 2013 that described a theoretical approach to creating the collision, and work started on creating a PDF prefix that would do the job. It took a lot of computation, but the collision has been produced.
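The download check described above, as an added example that is not part of the original article: it streams a file, compares its digest to the published one, and refuses SHA-1 digests outright, since a matching SHA-1 digest no longer proves the two files are the same. The function name `verify_download`, the reason strings, and the mapping of digest length to SHA-2 algorithms are assumptions made for this illustration.

```python
import hashlib
import hmac
import io

# Hex digest length -> algorithm (assumption: the publisher uses SHA-1 or
# SHA-2). SHA-1 (40 hex chars) is recognised only so it can be rejected.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256", 128: "sha512"}
REJECTED = {"sha1"}
HEX_CHARS = set("0123456789abcdef")


def verify_download(stream, published_hex, chunk_size=65536):
    """Return (ok, reason) for a binary stream and the publisher's hex digest."""
    published_hex = published_hex.strip().lower()
    algo = ALGO_BY_HEX_LEN.get(len(published_hex))
    if algo is None or not set(published_hex) <= HEX_CHARS:
        return False, "unrecognised digest format"
    if algo in REJECTED:
        # Two different files can share a SHA-1 digest, so a match proves nothing.
        return False, "sha1 digest refused: collision-prone"
    h = hashlib.new(algo)
    # Hash in chunks so large downloads are never held in memory at once.
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    # Constant-time comparison of the two ASCII hex strings.
    if hmac.compare_digest(h.hexdigest(), published_hex):
        return True, algo + " digest matches"
    return False, algo + " digest mismatch"


if __name__ == "__main__":
    payload = b"constructed sample download\n"  # constructed sample input
    good = hashlib.sha256(payload).hexdigest()
    weak = hashlib.sha1(payload).hexdigest()
    print(verify_download(io.BytesIO(payload), good))          # intact file
    print(verify_download(io.BytesIO(payload + b"x"), good))   # altered file
    print(verify_download(io.BytesIO(payload), weak))          # SHA-1 refused
```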

For years it has been known and recognized that SHA-1 is not very secure, but it is still in use today to confirm website security certificates. However, Chrome 56 and newer will not consider any website with a SHA-1 certificate secure, and reacting to the news of the collision, Mozilla has accelerated its phase-in of deprecating SHA-1 to all Firefox 51 users.

You can find even more information about the collision and its potential impact at the second source link below.

Source: Google Security Blog and SHAttered.it


