SHA-1 should no longer be used, at least since researchers in 2017 were able to produce two documents that had the same SHA-1 hash. Two researchers from France and Singapore have now constructed an attack against the hash function that goes one step further.
Collision resistance is one of the most important properties of cryptographic hash functions. It should not be possible, with practicable effort, to find two different inputs that produce the same hash value. Two years ago, the researchers did just that: they created two files that they hashed with SHA-1 and got the same value.
However, they were unable to freely determine the two files. The new attack is a so-called chosen-prefix collision attack, so colliding files can at least be produced with a freely chosen prefix.
For attackers, this is much more practicable: In 2009, security researchers at the Chaos Communication Congress showed a practical chosen-prefix collision attack on the MD5 hash function, in which they were able to forge a certificate for a Certification Authority. This in turn allowed them to issue certificates for any website that browsers would accept as valid.
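To make the chosen-prefix property and its effect on hash-then-sign schemes concrete, here is an added example that is not from the article or the researchers' paper. It runs a generic birthday search (not the researchers' method) against SHA-1 truncated to 24 bits; the truncation, the sample prefixes, the HMAC stand-in for a signature and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from itertools import count

TOY_BYTES = 3  # assumption: keep 24 bits of SHA-1 so the search takes milliseconds


def toy_hash(data: bytes) -> bytes:
    """SHA-1 truncated to TOY_BYTES: a stand-in for a hash with cheap collisions."""
    return hashlib.sha1(data).digest()[:TOY_BYTES]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chosen_prefix_collision(prefix_a: bytes, prefix_b: bytes):
    """Find suffixes so that toy_hash(prefix_a + sa) == toy_hash(prefix_b + sb).

    Both prefixes are fixed in advance and may differ arbitrarily; only the
    appended suffixes are searched. Returns (message_a, message_b, attempts).
    """
    seen_a, seen_b = {}, {}  # digest -> first suffix that produced it
    for i in count():
        suffix = i.to_bytes(8, "big")
        digest_a = toy_hash(prefix_a + suffix)
        digest_b = toy_hash(prefix_b + suffix)
        seen_a.setdefault(digest_a, suffix)
        seen_b.setdefault(digest_b, suffix)
        if digest_a in seen_b:
            return prefix_a + suffix, prefix_b + seen_b[digest_a], i + 1
        if digest_b in seen_a:
            return prefix_a + seen_a[digest_b], prefix_b + suffix, i + 1


def sign(key: bytes, message: bytes, digest=toy_hash) -> bytes:
    """Hash-then-sign; HMAC is an assumed stand-in for the signature primitive."""
    return hmac.new(key, digest(message), hashlib.sha256).digest()


def verify(key: bytes, message: bytes, signature: bytes, digest=toy_hash) -> bool:
    return hmac.compare_digest(sign(key, message, digest), signature)


# Constructed sample prefixes: two different identities that end up sharing a digest.
MSG_A, MSG_B, ATTEMPTS = chosen_prefix_collision(
    b"CN=example.test;CA=false;", b"CN=other.test;CA=true;")
```

A signature issued over `MSG_A` with the weak digest also verifies for `MSG_B`, while the same check with `digest=sha256` rejects it, which is why signers and verifiers need to drop SHA-1 rather than merely avoid known colliding files.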
Not much more complicated than a normal collision attack
The discoverers of the new SHA-1 attack also state in their paper that such an attack is no longer merely theoretical. Commenting to ZDNet, Thomas Peyrin, one of the participants, said: “It was assumed that ‘chosen-prefix’ collision attacks were much harder to find than classical collisions. The best known method for SHA-1 required 2^77 evaluations, not relevant in practice.”
Their attack, the researchers estimate, requires between 2^66.9 and 2^69.4 SHA-1 calculations, not much more than a simple collision attack. In 2017, this cost about 100 GPU years of computing capacity, certainly a realistic scenario for attackers with access to large clusters of graphics cards. The researchers from France and Singapore are currently working to carry out their attack in practice and to find a corresponding colliding hash value.
Not everyone has moved away from SHA-1 yet
Since the 2017 attack at the latest, many have turned away from SHA-1. Major browser vendors, for example, announced that from 2020 onwards they would no longer support old versions of the TLS protocol, which use only the hash functions MD5 and SHA-1 for signing TLS handshakes. The developers of the Git version control system have also begun the change to SHA-256, but have not yet completed it.
“This work is another nail in the SHA-1 coffin,” the researchers write in their paper. Even though everyone should have known better, it is, once again, time to get away from SHA-1.