SHA1 is dead - First known collision exploit discovered

[Deozaan]

Cryptographers refer to the attack disclosed Thursday as an "identical-prefix" collision, meaning it allows the attacker to create two distinct messages that have the same hash value. This variety is less powerful than the "chosen-prefix" MD5 collision carried out by Flame. In the latter case, attackers can target one or more existing files, such as the digital certificate that a company uses to authenticate its update mechanism. Despite the collision against SHA1 being less powerful, cryptography experts said any real-world identical-prefix attack represented a game-over event for a hashing function.

"In crypto we have the idea that hash function collisions should be really hard to find, even if they're 'useless,'" said Johns Hopkins University professor Matt Green, speaking generally about collisions before he learned the specifics of the new SHA1 attack. A real-world collision attack "is the equivalent of finding out that your scalpel wasn't sterilized properly. It may not verifiably have germs on it, but the whole instrument is considered unsafe."

-https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/

Read more here:
https://arstechnica....unction-is-now-dead/

[wraith808]

https://security.goo...-sha1-collision.html

https://tech.slashdo...ainst-sha-1#comments

[brotherS]

Yeah, interesting topic! I found this fascinating:

The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

[Tuxman]

SHA1 is dead

-Deozaan (February 23, 2017, 06:53 PM)

No, it's not - that's where the problem lies.