Today, more than 20 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research ... As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content. ...The attack used 1019 SHA-1 compressions, and is not really a practical attack on the vast majority of the uses of SHA-1.
Today, more than 20 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.
SHA-1 was phased out of high-security applications about ten years ago.
It is a little odd that Google is so eager to destroy SHA-1. It is also spending tens of millions of dollars to build a quantum computer to destroy RSA cryptography. It is almost as if it wants to wreck everyone security so it can spy on us more easily and sell ads for more money.
This research only applies to situations where you are uniquely identifying a document by its SHA-1 value. If you are hashing documents you produce yourself, it is not really a problem.
No comments:
Post a Comment