Google’s announcement of the first-ever collision attack means the Secure Hash Algorithm 1 (SHA-1) is officially dead, according to a report from Bleeping Computer.
SHA-1 is a cryptographic function that generates hashes for digital data. These hashes should be unique and help prove the identity of a file. However, the successful collision attack undermines that uniqueness, and the algorithm can thus no longer be considered secure.
The demise of SHA-1, which was designed by the United States National Security Agency several decades ago, creates significant implications for businesses that rely on the algorithm for the delivery of files across the web. Technology companies should work to move from SHA-1 as soon as possible.
How Did Google Run the Attack?
This successful attack marks the conclusion of two years’ research between Google and the CWI Institute in Amsterdam. In a blog post, Google noted how CWI researcher Marc Stevens published an initial theoretical paper on SHA-1 collision in 2013.
The blog post explains researchers had to overcome some considerable challenges to build a theoretical collision attack in practice. As many as 6,500 years of CPU computation were required to complete the first phase of attack, and 110 years of GPU computation for the second phase. During these phases, researchers ran more than 9 quintillion different SHA-1 computations in total.
As proof of the attack, Google released two PDFs with identical SHA-1 hashes but different content.
What Is a Collision Attack and Why Does It Matter?
A collision occurs when two distinct pieces of data, such as a document or website certificate, produce a hash with the same number value. Collisions should, in theory, never occur for secure hash functions.
However, experts have long believed a well-funded attacker could craft a collision in a flawed algorithm, such as SHA-1. Google’s research proved this flaw and demonstrates how an attacker could use a collision attack to replace one file with another.
An errant individual or third party, for example, could use two colliding contracts to trick another party into digitally signing a higher-value contract. The seller could later claim the purchaser signed a contract with drastically different terms and a much higher price.
What Should Businesses and IT Managers Do Now?
The demise of the algorithm comes at a time when many organizations still rely on SHA-1. Estimates suggest thousands of software packages could use SHA-1 to ensure the safe installation and update of files distributed over the web.
Google says its research highlights how the IT industry must break its reliance on SHA-1. The source code for performing the collision attack on SHA-1 will be published in 90 days.
Stevens told Ars Technica that any individual or business still using SHA-1 should look to move to a safer standard before real-world attacks take place. He suggested that continued growth in computational power means it will become cheaper and easier to run such attacks.
Security Intelligence reported late last year how major technology firms such as Microsoft and Mozilla would stop accepting outdated certificates. In its blog post announcing the collision attack, Google suggests businesses should urgently move from SHA-1 to safer alternatives such as SHA-256.