Google Research Brings End to SHA-1

Google has announced research that it hopes will begin the sunset process for the SHA-1 cryptographic hash function.

Released alongside the CWI Institute in Amsterdam, the “Shattered research” culminates two years’ work to create a practical technique for generating a collision. The project, announced in a blog post, was authored by Google’s Marc Stevens and Elie Bursztein, who collaborated on making Marc’s cryptanalytic attacks against SHA-1 practical using Google infrastructure.

“Our findings emphasize the necessity of sunsetting SHA-1 usage,” the blog read. “Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates. As early as 2014, the Chrome team announced that they would gradually phase out using SHA-1. We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure.”

Google follows the likes of Microsoft and Mozilla in announcing that their web browsers will end support for SHA-1 certificates.

SHA-1 is used for digital signatures and file integrity verification, and protects a wide spectrum of digital assets, including credit card transactions, electronic documents, open-source software repositories and software updates. Google claimed that its research shows that it is “now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file.

“Today, many applications still rely on SHA-1, even though theoretical attacks have been known since 2005, and SHA-1 was officially deprecated by NIST in 2011. We hope our practical attack on SHA-1 will increase awareness and convince the industry to quickly move to safer alternatives, such as SHA-256.”

SHA-1 certificates are not issued by any Certification Authority abiding by the CA/Browser Forum anymore. Google announced support for SHA-1 certificates would end with Chrome 57, which was released in January 2017.

David Chismon, senior security consultant at MWR InfoSecurity, said: “The SHA-1 algorithm has been known to be weak for some years and it has been deprecated by NCSC, NIST, and many vendors. However, until today no real world attacks have been conducted. Google's proof of concept, and the promise of a public release of tools may turn this from a hypothetical issue to a real, albeit expensive one.

“Hopefully these new efforts of Google of making a real-world attack possible will lead to vendors and infrastructure managers quickly removing SHA-1 from their products and configuration as, despite it being a deprecated algorithm, some vendors still sell products that do not support more modern hashing algorithms or charge an extra cost to do so. However, whether this happens before malicious actors are able to exploit the issue for their benefit remains to be seen.”
