Google sheds SHA-1 Encryption with successful Collision Attack

Cryptographic hash functions like SHA-1 are a cryptographer’s Swiss Army knife.
Hashes play a key role in almost everything, ranging from browser security to managing code repositories, or even just detecting duplicate files in storage. Thus, it has become a standard for encryption these days.

The “SHA-1 hash algorithm” is still in use for verifying the authenticity of digital content, despite the march of Moore’s Law ramping up the computing power available to hackers in the wild and despite other, more robust alternatives having existed for years.


Today, more than 20 years after SHA-1 was first introduced, security researchers at Google announced the first practical technique for generating a collision.
A ‘collision’ here refers to being able to generate the same hash from different inputs, thereby potentially enabling an attacker to deceive a system into accepting a malicious file in place of its benign counterpart.

SHA-1 Collision

According to the blog post on Google, Marc Stevens published a paper that outlined a theoretical approach to create a SHA-1 collision. The team leveraged Google’s technical expertise and cloud infrastructure to compute the collision, which is one of the largest computations ever completed.

So How Large Was the Computation?

Nine quintillion (9,223,372,036,854,775,808) SHA-1 computations in total

  • 6,500 years of CPU computation to complete the first phase of the attack
  • 110 years of GPU computation to complete the second phase

While those numbers seem very large, the SHA-1 SHAttered attack is still more than 100,000 times faster than a brute-force attack, which is almost impractical!


Mitigating the risk of SHA-1 collision attacks

So today, it’s more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3, which are quite hard to attack with collisions!
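To make the collision definition and the migration advice concrete, here is an added example (not code from Google or from the original post). It assumes a toy setting: SHA-1 is truncated to 24 bits so that a collision can be found in seconds, and `DedupStore` is a hypothetical duplicate-detecting store. It shows the store silently dropping a different file when keyed on the weak digest, and keeping both when keyed on SHA-256.

```python
import hashlib
from itertools import count

TRUNC_BYTES = 3  # assumption: keep only 24 bits of SHA-1 so a collision is cheap to find

def weak_digest(data: bytes) -> str:
    """SHA-1 truncated to 24 bits: stand-in for a hash whose collisions are affordable."""
    return hashlib.sha1(data).digest()[:TRUNC_BYTES].hex()

def strong_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def find_collision(prefix: bytes = b"constructed-sample-"):
    """Birthday search: hash distinct constructed inputs until two share a weak digest."""
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()
        d = weak_digest(msg)
        if d in seen:
            return seen[d], msg  # two different inputs, same digest
        seen[d] = msg

class DedupStore:
    """Hypothetical content-addressed store: a known digest means 'duplicate file'."""
    def __init__(self, digest):
        self.digest = digest
        self.blobs = {}

    def put(self, data: bytes) -> bool:
        """Return True if stored, False if skipped as an apparent duplicate."""
        key = self.digest(data)
        if key in self.blobs:
            return False
        self.blobs[key] = data
        return True

def demo():
    a, b = find_collision()
    weak, strong = DedupStore(weak_digest), DedupStore(strong_digest)
    weak_results = (weak.put(a), weak.put(b))        # second file is wrongly dropped
    strong_results = (strong.put(a), strong.put(b))  # both files are kept
    return a, b, weak_results, strong_results

if __name__ == "__main__":
    a, b, weak_results, strong_results = demo()
    print("colliding inputs:", a, b)
    print("24-bit SHA-1 store accepted:", weak_results)
    print("SHA-256 store accepted:", strong_results)
```

The truncation only shrinks the search so the effect is visible; the store's failure mode is the same for any digest on which two different inputs can be made to agree.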



