SHA-1 Algorithm Crack by Google: Much Ado about Nothing?

Google went public on the Secure Hash Algorithm 1 (SHA-1) encryption collision, announcing that they had succeeded in breaking SHA-1 encryption in a use case involving a pair of documents.

SHA-1 play a role in browser security, managing code repositories, or detecting duplicate files in storage, as the functions compress large amounts of data into a small message digest.

While the cryptographic requirement for wide-spread use, means finding two messages that lead to the same digest should be computationally infeasible.

A collision happens when a hashing function breaks, and two files produce the same hash. This simply means that SHA-1 method of internet security that has been known to be theoretically vulnerable has now been proven vulnerable.

Google plans to release the code they used to break the SHA-1 encryption, which practically makes it available to attackers with an instruction manual for breaking the algorithm. It’s now more urgent than ever before for security practitioners to migrate to safer cryptographic hashes.

Google had long advocated for the deprecation of SHA-1, particularly when it comes to signing TLS certificates.

As a result, almost all websites have dropped SHA-1, and most major browsers show a big red warning when you visit a site secured by SHA-1. And luckily, nothing too serious will ever get broken.
Next Post »