Google Announces First Practical SHA1 Collision

Written by Michael Larabel in Google on 23 February 2017 at 08:14 AM EST. 34 Comments
GOOGLE
While SHA1 is still much better off than MD5, developers really should think about moving to SHA256 or other crypto hashes with Google now demonstrating the first SHA1 collision.

Google today announced the first practical technique for generating a SHA1 collision where two files could have different contents yet generate an identical SHA1 hash.

Though it's still not too easy to come by such an attack: Google's SHA1 "shattered" attack takes 110 GPUs one year of work to produce a collision while a SHA1 bruteforce attack on the other hand would take 12 million GPUs and a year worth of work.

In 90 days, Google will release its code that allows people to create a pair of PDFs that hash to the same SHA1 sum but there are some pre-conditions.

Those interested in Crypto can read Google's announcement this morning via their security blog or as with most disclosures they have come up with a cute name and website: Shattered.io.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week