Internet’s one of the most used hash function SHA-1 is now officially broken. Many attacks can be crafted with ease by attackers with abundant resources and many infrastructural security steps are cannot be trusted any more. How great is that!
Though it was deemed to be open to attacks before, the industry did not widely got rid of that since it seemed too practical to implement and use. Also it was quite tolerable concerning computational overheads.
SHA-1 collision, that is what is happening now. Very rarely, some old and unused hash functions may create collision; totally different files may produce the same hash value. We’ve seen it in MD5, which is now widely deprecated. But as an old but actively relied upon hash function, SHA-1 is now a target of an attach, which reduces the improbability of collision by far.
How SHA-1 is abused?
Attackers can now create two different PDF files with different contents but in the end, files end up creating the same hash value when they go through SHA-1 function. If it can be done, it is, in practise, a proof that the hash function should be considered insecure. The info page shattered.io says that there have been no sightings of any abuse related to this vulnerability.
SHA-1 is popular among many applications. Digital certificate signing, software update and installer verification, backup verification… you name it. Since it was better than MD5 with a little more computational overhead, industry use is widely. But in the most of the critical points, it was already being rotated out.
Nevertheless, crafting the attack requires immense amount of computational power. If you would try to brute-force craft a file to mimic the SHA-1 hash value of the original file, you would be doing a little less than 10×10^(18) SHA-1 computations. But with this attach method, the process is faster around 100,000 times. It is partly because of the PDF format itself.
What to do?
I guess all the software vendors out there are preparing patches right now. We are expecting Chrome and Firefox strictly deny SHA-1 signed certificates from web sites and GitHub (they rely on SHA-1 just too much) find a way to implement another hash function soon to verify commits and stored files. This case’s impact does not seem to be as much as the Heartbleed but it would pose a serious threat if left unchecked now.
For more information, please visit shattered.io
Update: A friend of mine pointed out to a post by Linus Torvalds in a mail group in which he tells “why Git system (also GitHub) is hardly broken now”. Otherwise he agrees that better hash functions should be used.