SHA1 Is Now Officially Insecure

in #security · 8 years ago

A collision in the SHA1 hashing algorithm has now been demonstrated. I just saw this article retweeted and wanted to share it with the developer community on Steemit as well:

At death’s door for years, widely used SHA1 function is now dead.

Some key paragraphs that stood out to me:

Now, researchers have demonstrated a similar type of real-world attack against SHA1, which ironically was widely adopted after the insecurity of MD5 became well-known. The SHA1 collision is documented in a research paper published Thursday. It presents two PDF files that, despite displaying different content, have the same SHA1 hash. The researchers warned that the same technique—which costs as little as $110,000 to carry out on Amazon's cloud computing platform—could be used to create collisions in GIT file objects or digital certificates.

Fortunately, certificates to HTTPS-protected websites aren't likely to be affected. Since the beginning of this year, browser-trusted certificate authorities have been barred from relying on SHA1 to sign TLS certificates they issue.

Consistent with Google's security disclosure policy, the source code for performing the collision attack will be published in 90 days. That means Git and an unknown number of other widely used services that rely on SHA1 have three months to wean themselves and their users off the insecure function.

That last one is huge.

Declining payout, just posting as an FYI.
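To make the quoted paragraphs concrete: below is an added example (mine, not code from the post or from the Ars Technica article) showing what a SHA1 collision means to a verifier, and why Git is exposed. It computes SHA-1 and SHA-256 for two inputs and classifies the pair (a SHA-1 match on different content is a collision, not proof of integrity), shows how Git derives a blob's object id by running SHA-1 over a `blob <size>\0` header plus the content, and demonstrates a digest check that refuses collision-broken algorithms. The two sample "files" are short constructed byte strings, not the real colliding PDFs, so they do not collide; the function names are my own.

```python
import hashlib

# Constructed sample inputs standing in for two files with different content.
# These are NOT the real SHAttered PDFs (which are ~400 KB each), so they do not collide.
FILE_A = b"%PDF-1.3\n% constructed sample document A\n"
FILE_B = b"%PDF-1.3\n% constructed sample document B\n"

# Algorithms a verifier should still accept for integrity against a malicious party.
ACCEPTED_ALGORITHMS = {"sha256", "sha384", "sha512"}


def digests(data: bytes) -> dict:
    """Hex digests under the broken function (SHA-1) and the recommended one (SHA-256)."""
    return {
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def collision_report(a: bytes, b: bytes) -> dict:
    """Classify a pair of inputs the way a verifier must after SHAttered.

    sha1_collision is True only when the content differs but SHA-1 agrees;
    that is exactly the condition the colliding PDFs satisfy, and it is why a
    matching SHA-1 alone no longer proves two files are the same.
    """
    da, db = digests(a), digests(b)
    return {
        "content_identical": a == b,
        "sha1_match": da["sha1"] == db["sha1"],
        "sha256_match": da["sha256"] == db["sha256"],
        "sha1_collision": a != b and da["sha1"] == db["sha1"],
    }


def git_blob_id(data: bytes) -> str:
    """Git object id for a blob: SHA-1 over the header b'blob <size>\\0' followed by the content.

    Git identifies every object by this hash, so two blobs with the same SHA-1
    would be indistinguishable to Git even though their contents differ.
    """
    header = b"blob %d\0" % len(data)
    return hashlib.sha1(header + data).hexdigest()


def verify_file(data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Integrity check against a published digest; rejects collision-broken algorithms."""
    if algo not in ACCEPTED_ALGORITHMS:
        raise ValueError(
            f"{algo} is not accepted for integrity verification; publish a SHA-256 digest instead"
        )
    return hashlib.new(algo, data).hexdigest() == expected_hex


if __name__ == "__main__":
    print(collision_report(FILE_A, FILE_B))
    print("git blob id of empty file:", git_blob_id(b""))
    print("git blob id of 'hello\\n':", git_blob_id(b"hello\n"))
    print("SHA-256 verify:", verify_file(FILE_A, digests(FILE_A)["sha256"]))
```

The two Git ids printed match what `git hash-object` produces for an empty file and for a file containing `hello` followed by a newline, which shows that Git's object identity is nothing more than SHA-1 over a small header plus the content. Swapping the two constructed inputs for the published colliding PDFs would make `collision_report` return `sha1_collision: True` with `sha256_match: False`.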


Luke, I love reading all your posts. They always have great value in my eyes and I tend to agree with most of your positions. That said, a lot of the stuff you talk about is WAY over my head (not your fault obviously, I just don't know as much about this stuff as you and others do), this post is a prime example. I might as well be reading hieroglyphs. What are the chances you could do a "dumbed down" version in a paragraph or less for us not so technologically advanced peasants? Might be too much to ask, but I thought I would regardless.

We can generate a 'hash' of a file which is basically a big number that will generally be different for every file. It is very hard to create two files that will have the same hash. It's often used to prove that a file hasn't been changed (accidentally or maliciously). There are various algorithms to do this. SHA-1 has been around since 1995 and is considered broken.

So, it essentially is an outdated security feature which is prone to hacking?

Yes. Clever people find ways to shortcut breaking it. Google and others have been encouraging sites to upgrade to something better, but some of them move very slowly. Changing how your site works is likely to break it, so they are very cautious.

I figured this post wouldn't be for everyone (one of the reasons I declined payment). It would take a little bit to explain what a hashing algorithm is and why that's important for security (which also involves blockchain technologies), but for the most part, non-programmers don't have to worry about this stuff too much. There are probably resources online that would do a much better job than I at explaining what this is about.

I'm glad you enjoy reading. I know I can't please everyone all the time, so I appreciate your willingness to learn more and grow. :)

Consistent with Google's security disclosure policy, the source code for performing the collision attack will be published in 90 days. That means Git and an unknown number of other widely used services that rely on SHA1 have three months to wean themselves and their users off the insecure function.

Woah. I wonder what this news will do for sha256 that bitcoin uses.

This was predicted and is why people have been moving away from it. It may still have a use to verify a file hasn't changed due to transmission errors. That is very unlikely to produce the same hash. It's inevitable that processing power will continue to get cheaper, so other algorithms may fall in time.

Indeed, but I do find it interesting that they actually did it, instead of just in theory. When the code is released for how to do it, that becomes a significantly more important issue for people to be concerned with. I wonder about embedded systems and the IoT of the future. How will we handle security vulnerabilities across so many devices?

I guess it was known how hard it was in theory and they decided to prove it.

IoT is already an issue. People don't update their PCs, so they are unlikely to do their lightbulbs.

For real. It's going to be a hacker's playground when people can control other people's devices. Hopefully that will raise awareness of the importance of security education.

For an average user security is ranked below price and ease of use. We've already seen webcams being hacked. There will be more.

In reality it has been insecure for a while. This is just the final nail in the coffin.

SHA1 was never secure.

They even teach you how to break it in basic computer security classes, and have been teaching that for years.

Thanks. This is interesting.

$110K is still a rather steep price threshold to clear.

I wonder how much an adequate RSA/DSA/SSL2 hack would cost. Hopefully more than most hackers can afford.

The price may be worth it to someone and it's small change to the NSA. They have the processing power to do it themselves and it will only get cheaper over time.

The distributed.net project was about proving that some algorithms could be broken with brute force. Sometimes shortcuts are found that make it easier.

Shout out to @abit and @fyrstikken for voting up some comments here. :) I didn't share this expecting rewards but they are always nice to receive.