Many of you know that the cryptographic hash algorithm SHA-1 is in the process of being deprecated, due primarily to the hashing algorithm’s susceptibility to collision attacks. I first wrote about this back in 2011: http://blog.css-security.com/blog/times-up-for-sha-1-css-suggested-migration-path.
This week, researchers have announced the discovery of a dramatically new and efficient way to calculate collisions found in SHA-1’s compression function.
Researchers Marc Stevens, Pierre Karpman, and Thomas Peyrin released a new hash attack called “Freestart Collisions"(https://sites.google.com/site/itstheshappening/). This new attack on SHA-1 has dramatically reduced the time it takes to calculate SHA-1 collisions. More importantly, this work serves to illustrate the overall weakness of SHA-1.
Researchers using “Freestart Collisions” have demonstrated that SHA-1 hash collisions can be computed in under 10 days, using $75k-$125K of rented computer server time. This dramatically lowers the bar, and makes the creation of SHA-1 collisions much more affordable to malicious groups and agents an entire two years ahead of earlier predictions.
Noting this new timeline, CSS recommends that the use of SHA-1 be phased out as soon a practically possible. This will necessitate the adoption of SHA-2 based systems throughout corporations worldwide, requiring both integration and migration planning.
But given this new understanding of the risks associated with the continued use of SHA-1, I believe SHA-2 adoption costs have never been easier to justify.