SHA-1, Secure Hash Algorithm 1, a very popular cryptographic hashing function designed in 1995 by the NSA, is officially dead after a team of researchers from Google and the CWI Institute in Amsterdam announced today submitted the first ever successful SHA-1 collision attack.
SHA-1 was designed in 1995 by the National Security Agency (NSA) as a part of the Digital Signature Algorithm. Like other hashes, SHA-1 also converts any input message to a long string of numbers and letters that serve as a cryptographic fingerprint for that particular message.
Collision attacks appear when the same hash value (fingerprint) is produced for two different messages, which then can be exploited to forge digital signatures, allowing attackers to break communications encoded with SHA-1.
The explanation is technologically tricky, but you can think of it as attackers who surgically alters their fingerprints in order to match yours, and then uses that to unlock your smartphone.
The researchers have been warning about the lack of security of SHA1 from over a decade ago, but the hash function remains widely used.
In October 2015, a team of researchers headed by Marc Stevens from the Centrum Wiskunde & Informatica (CWI) in the Netherlands had published a paper that outlined a practical approach to creating a SHA-1 collision attack –Freestart Collision.
At that time the experts estimated that the cost of an SHA-1 collision attack would cost between $75,000 and $120,000 using computing power from Amazon’s EC2 cloud over a period of a few months.
The Collision Attack ‘SHAttered’ the Internet
The Google approached the same group of researchers, worked with them and today published new research detailing a successful SHA1 collision attack, which they dubbed SHAttered and costs just $110,000 to carry out on Amazon’s cloud computing platform.
As proof of concept, the new research presents two PDF files [PDF1, PDF2] that have the same SHA1 hash, but display totally different content.
According to researchers, the SHAttered attack is 100,000 faster than the brute force attack.
“This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations,” the researcher explains.
“While those numbers seem very large, the SHA-1 shattered attack is still more than 100,000 times faster than a brute force attack which remains impractical.”
90-days for Services to Migrate to Safer Cryptographic Hashes
Despite declared insecure by researchers over a decade ago and Microsoft in November 2013, announcing it would not accept SHA1 certificates after 2016, SHA1 has widely been used over the Internet.
So, it’s high time to migrate to safer cryptographic hashes such as SHA-256 and SHA-3.
Google is planning to release the proof-of-concept (PoC) code in 90 days, which the company used for the collision attack, meaning anyone can create a pair of PDFs that hash to the same SHA-1 sum given two distinct images with some pre-conditions.
Therefore, an unknown number of widely used services that still rely on the insecure SHA1 algorithm have three months to replace it with the more secure one.
Meanwhile, Google and researchers have released a free detection tool that detects if files are part of a collision attack. You can find both the tool and much more information about the first collision attack at shattered.io.