Security researchers from Google and the CWI Institute in Amsterdam have cracked an old cryptographic algorithm called SHA-1 in a collision attack, making it dead or obsolete.
Security researchers have made the first successful collision attack against the Secure Hash Algorithm 1 (SHA-1) hash function, producing two different PDF files with the same SHA-1 fingerprint.
The National Institute of Standards and Technology (NIST) standardised SHA-1 in 1995 to securely compute message fingerprints for use in the computation of digital signatures that are essential to Internet security, like HTTPS (TLS,SSL) security, electronic banking, signing documents and software.
CWI cryptanalyst Marc Stevens says: “Many applications still use SHA-1, although it was officially deprecated by NIST in 2011 after exposed weaknesses since 2005.
“Our result proves that the deprecation by a large part of the industry has been too slow and that migration to safer standards should happen as soon as possible.”
Researchers were able to demonstrate a collision attack using two different PDF files with the same SHA-1 fingerprint, but with different visible contents.
The researchers had to use the equivalent of 6,500 years of CPU computation and 110 years of GPU computation to complete the two phases of the technique, and 9,223,372,036,854,775,808 SHA-1 computations.
It is more than 100,000 times faster than a brute force attack. The researchers said: “We used the same infrastructure that powers many Google AI projects including Alpha Go and Google Photo as well as Google Cloud.”
The group said they will be waiting for 90 days before releasing the code of the attack in line with Google’s vulnerability disclosure policy. They are also offering a free detection system to the public.
Google said in a blog post, “In order to prevent this attack from active use, we’ve added protections for Gmail and GSuite users that detects our PDF collision technique.
“Moving forward, it’s more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3.”