Google Proves It: SHA-1 is Broken
On February 23, 2017, the announcement the cryptography world has been waiting for finally came. Google and Centrum Wiskunde & Informatica (CWI) Amsterdam, the Netherlands’ national research institute for mathematics and computer science, teamed up to demonstrate that the insecurity of SHA-1 has moved from theoretical to proven. The teams released a joint statement on Google’s security blog detailing how they generated a hash collision.
A hash collision occurs when two different inputs to a hash function yield identical hash values. A collision effectively renders the hash function vulnerable, since a malicious file could be introduced that passes for a legitimate file with the same hash. Until now, only “brute force” collisions had been proven to be possible, and experts estimate that brute force attacks on SHA-1 would require 12 million graphics processing unit (GPU) years to complete, which renders brute force impractical. The combined Google/CWI team exploited weaknesses in SHA-1 to speed this process up one hundred thousand times. This demonstrates that SHA-1 is, in practice, vulnerable to attacks from well-funded entities with sufficiently sophisticated computing power.
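The brute-force collision search described above, as an added example that is not part of the original article: it looks for two different inputs whose SHA-1 digests agree in only their first few bits, and shows the attempt count growing roughly as 2^(bits/2), which is why the same search over all 160 bits is impractical. The function names and the sample input prefix are assumptions made for illustration.

```python
import hashlib
from itertools import count


def full_sha1_hex(data: bytes) -> str:
    """Full 160-bit SHA-1 digest as hex."""
    return hashlib.sha1(data).hexdigest()


def truncated_sha1(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(data), as an integer."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int, prefix: bytes = b"constructed-sample-"):
    """Brute-force (birthday) search on a truncated digest.

    Hashes prefix+0, prefix+1, ... and remembers every truncated
    digest seen so far. Returns (msg_a, msg_b, attempts) for the
    first pair of distinct inputs that share a truncated digest.
    """
    seen = {}  # truncated digest -> first message that produced it
    for i in count():
        msg = prefix + str(i).encode()
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


if __name__ == "__main__":
    # Inputs are constructed sample strings, not real files.
    for bits in (16, 24, 32):
        a, b, attempts = find_collision(bits)
        print(f"{bits}-bit truncation: {attempts} attempts "
              f"(2^({bits}/2) = {2 ** (bits // 2)})")
        print(f"  {a!r} -> {full_sha1_hex(a)}")
        print(f"  {b!r} -> {full_sha1_hex(b)}")
```

The two full digests printed for each pair differ after the truncated prefix; only the shortened hash collides.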
Google’s announcement was not a complete shock. As early as 2005, a team of researchers from Shandong University in China wrote about the theoretical possibility of practical techniques for generating collisions in SHA-1. In 2013 Marc Stevens, the head of the team from Google that broke SHA-1, published a paper on the topic as well, and February’s announcement had therefore been considered only a matter of time.
So what to do about it? Experts have been recommending that SHA-1 be deprecated for years. Luckily, most websites currently use SHA-2, a less vulnerable version of the technology. All reputable certificate authorities, including SSL.com, have retired SHA-1 certificates and use SHA-2 exclusively.