SHA-1 now officially broken


ron

  • Administrator
  • Guru
  • *****
  • 3,195
SHA-1 now officially broken
« on: February 24, 2017, 09:19:27 »
There was a very significant development in the crypto-world this week.  Researchers at Google and the CWI Institute in Amsterdam created an SHA-1 hash collision in a “practical” manner.  It’s been known for years that SHA-1 has theoretical weaknesses, but this is the first publicly known intentional hash-collision.  I say “practical” in quotes, because the computation required 6,500 years-worth of CPU time and 110 years of GPU time.  That’s a lot of computing power, but clearly if Google could pull it off, the NSA and the Chinese could also do it.  Perhaps large criminal enterprises could also manage it.

What does it mean for you?  Not too much in the near-term.  However, in practical terms it means that it is now possible (if not truly feasible) for someone to create a fake electronic document which is “identical with” some other document — “identical” as far as its SHA-1 hash is concerned.  This matters because quite a few software products rely on using SHA-1 to determine the authenticity of a document.  For example, the git software-control system as well as fossil (https://www.fossil-scm.org/index.html/doc/trunk/www/index.wiki), which hundreds of thousands of developers use to store their code, use SHA-1 hashes to validate that code has or hasn’t been modified.  A determined attacker could possibly create virus-laden code which produces the same SHA-1 hash as “good” code, and thereby subvert the source-code of some product used by millions.  For instance: the Linux kernel.  That’s not a good thing.

6500 years of CPU is 56,940,000 hours.  The Amazon EC2 service offers CPUs for rent at a current price of $1.591 per hour for a 36-CPU machine (or $0.04419 per CPU-hour).  Thus, one could purchase the computing power needed for a mere $2,516,178 in current US dollars.  Round to $5 million to include overhead costs such as software development and personnel.  Forget what I said about governments; you could fund it with a Kickstarter campaign…

8th uses BLAKE2 as its default hashing function, though the default encryption method of AES256GCM uses SHA256.  You are encouraged to avoid using SHA-1 even though 8th does support it for legacy purposes.
« Last Edit: February 24, 2017, 09:47:45 by ron »
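
An added example, not part of the original post and not 8th code: a Python illustration of the integrity check discussed above, computing the SHA-1 object id the way git does for a file and recording a BLAKE2b digest beside it, so that content which matches on SHA-1 alone is flagged. The function names, the sample file contents and the simulated record are assumptions made for this example.

```python
import hashlib

def git_blob_id(data: bytes) -> str:
    """Object id git assigns to a blob: SHA-1 over b'blob <size>\\0' + content."""
    header = b"blob %d\x00" % len(data)
    return hashlib.sha1(header + data).hexdigest()

def fingerprint(data: bytes) -> dict:
    """Record the legacy SHA-1 id next to a BLAKE2b digest of the same bytes."""
    return {
        "sha1_git": git_blob_id(data),
        "blake2b": hashlib.blake2b(data).hexdigest(),
    }

def check(data: bytes, recorded: dict) -> str:
    """Compare current content against a recorded fingerprint."""
    current = fingerprint(data)
    sha1_ok = current["sha1_git"] == recorded["sha1_git"]
    blake_ok = current["blake2b"] == recorded["blake2b"]
    if sha1_ok and blake_ok:
        return "match"
    if sha1_ok:
        # Same SHA-1 but different BLAKE2b: the bytes differ, so SHA-1 collided.
        return "sha1-collision-suspected"
    return "modified"

# Constructed sample content (not from any real repository).
ORIGINAL = b"int main(void) { return 0; }\n"
TAMPERED = b"int main(void) { return 1; }\n"
RECORDED = fingerprint(ORIGINAL)

# No real colliding pair is embedded here. To exercise the collision branch,
# this constructed record pretends the stored SHA-1 equals the tampered file's.
SIMULATED = dict(RECORDED, sha1_git=git_blob_id(TAMPERED))

if __name__ == "__main__":
    print(git_blob_id(b"hello\n"))        # id git would report for this blob
    print(check(ORIGINAL, RECORDED))      # unchanged file
    print(check(TAMPERED, RECORDED))      # ordinary modification
    print(check(TAMPERED, SIMULATED))     # SHA-1 agrees, BLAKE2b does not
```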

*

Dirt Meister

  • Guru
  • *****
  • 568
Re: SHA-1 now officially broken
« Reply #1 on: February 25, 2017, 00:04:21 »
Thanks Ron!
It all goes to show that nothing man-made is secure with a will and a way...
Hmmm... I wonder what is next? Any of the SHAs more vulnerable now that SHA-1 can be broken??

*

ron

Re: SHA-1 now officially broken
« Reply #2 on: February 25, 2017, 16:26:54 »
I don't think the other SHA family are affected, since they're not really that closely related.  Certainly the SHA-3 group (SHA256 etc) are still considered untarnished.

*

Dirt Meister

Re: SHA-1 now officially broken
« Reply #3 on: February 26, 2017, 23:03:49 »
That's good to hear! Looking at FPGAs and I see a lot of SHA 256 but no BLAKE! Is that common??

*

ron

Re: SHA-1 now officially broken
« Reply #4 on: February 27, 2017, 04:59:15 »
BLAKE2 was one of the SHA3 finalists.  It's super fast, which is one of the reasons I chose it for 8th.  It's not widely used, though.

*

Dirt Meister

Re: SHA-1 now officially broken
« Reply #5 on: March 02, 2017, 02:24:27 »
It was interesting to see VHDL source code for BLAKE out there...
I was thinking that crypto was mostly software not hardware...
Nowadays maybe we can make hardware from software...