Is nowhere left secure? SHA-1 collision confirmed in study

24 Feb 2017

Image: PongMoji/Shutterstock

The SHA-1 has been successfully undermined, with a recent study all but confirming its new obsolete status.

In what’s known as a collision, the security infrastructure underpinning many parts of the internet has been severely damaged.

A new study published on the aptly named Shattered.io explains how two completely different files can have completely identical Secure Hash Algorithm-1 (SHA-1) codes.

What does this mean? It means that, for a price ($110,000), and backed with significant computer power, attackers could pass off fake as real.

By doing this, they could undermine entire security parameters. Essentially, nothing is secure.

Something similar happened at the start of the decade, when malware known as Flame did the same to the MD5 hash algorithm.

Flame essentially breached Windows’s update procedures, spreading its malware throughout networks, disguised as standard Microsoft updates.

In theory, the same could be achieved in SHA-1, according to the study.

“A key reason behind the reluctance of many industry players to replace SHA-1 with a safer alternative is the fact that finding an actual collision has seemed to be impractical for the past 11 years, due to the high complexity and computational cost of the attack,” reads the paper, led by Marc Stevens and Pierre Karpman.

Hash functions, such as SHA-1, compress large amounts of data into theoretically unique, small message digests. A collision occurs when two distinct pieces of data – a document, a binary, or a website’s certificate – hash to the same exact digest.

This should never happen but when the hash algorithm is flawed, such a possibility emerges.

“The attacker could then use this collision to deceive systems that rely on hashes into accepting a malicious file in place of its benign counterpart; for example, two insurance contracts with drastically different terms,” said Google.

Creating two pdfs with identical digests, the team proved that such events are now practical, with the collision attacks 100,000 times faster than brute force searches.

Part of a collaboration between Centrum Wiskunde & Informatica in the Netherlands and Google’s research security, privacy, and anti-abuse group, the results could prove a nightmare for many companies.

Google claims this should speed up the “sunsetting” of SHA-1 usage, something it has been doing for some time.

“As early as 2014, the Chrome team announced that they would gradually phase out using SHA-1.

“We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure … and finally convince the industry that it is urgent to move to safer alternatives such as SHA-256,” the company said.

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com