A SHA-1 vulnerability discussed 10 years ago has now been exploited. On February 23, researchers at Google and the CWI Institute in Amsterdam announced they have demonstrated its 1st known hash collision.
The Secure Hash Algorithm (SHA-1) is a cryptographic hash function – otherwise known as a message digest. It is a 160 bit one-way hash function used in encryption. Originating in 1995 it was deprecated by NIST in 2011. As a result of it being broken last week, stronger substitutes should be used.
The SHA-ppening to SHA-ttered
Researchers predicted in 2005 this algorithm would not be secure for much longer. The “SHAppening” showed weakness with the algorithm. Years later the technique was shattered when a collision was discovered.
The key finding was a collision in the has values. Collision here means 2 different entities resolve to the same hash. Good principles of encryption protocols state that it should be impossible. A good message digest should never return the same hash value for 2 different entities.
This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations.
The full white paper can be read here.
Abuse of Encrypted Expectations
Abusing a collision can deceive systems. A service can expect to receive one message and instead receive something malicious in its place with the same hash. Consequently, this is important because of its use in message and file integrity, password verification, certificates, and encrypting things on the internet. It has the ability to affect a wide variety of encrypted messages such as credit card transactions.
Impact and Risk Assessment
A lot of encryption implementations still use SHA-1. Depending on which determines the personal impact; however, consider that online document signatures, HTTPS certificates, TLS/SSL and financial services may still employ this.
NOTE: No Certificate Authority (CA) is allowed to issue SHA-1 but that doesn’t mean there are none still out in the wild.
…it would cost $500,000 – $800,000 to replicate the computational power and effort to break it
Industry players knew this was coming but didn’t move to a safer alternative because of the effort involved and cost of the attack. However as time goes the costs and effort will be lowered to a point where exploiting SHA-1 is easily done on consumer grade equipment.
Services that employ SHA-1 should move to a safer alternative such as SHA-256 or SHA-3. Some services will have a harder time with that such as Git or Subversion because SHA-1 is baked into the software.
While this isn’t the first time an issue like this has occurred (think MD5), it necessary to be constantly aware of known security holes and move to plug them. Encryption developers need to stay aware of security holes with protocols and consumers need to be aware of these threats to protect their data.
Google Chrome now considers any website protected by SHA-1 as insecure. In addition, Firefox immediately announced they will phase out SHA-1. Pay attention to what other vendors do and keep your browsers up to date!
Finally, use the file tester to experiment with different files.
One thought on “SHA-1: When 2 Message Digests Collide”
[…] always encrypted. The LinkedIn Hack of 2012 is my favorite example. They were hashing with SHA-1. I wrote about the SHAppening – this has been known since 2007 but not demonstrated be to cracked until 2018. Nevertheless […]