SHA-1 Collisions Research
MSRC Team February 23, 2017
Today, a group of eight researchers from across the security industry released a research report (
http://tinyurl.com/han7ltc ) on SHA-1 that demonstrates for the first time, a ôhash collisionö for the full SHA-1 hash algorithm (called ôSHAtteredö). This is a significant step toward understanding this type of security issue, a milestone in cryptanalysis that has been underway for the past decade. The report website also includes a tool co-authored by my colleague Dan Shumow (Senior Software Development Engineer, Security & Cryptography, Microsoft Research) that can be used to detect the presence of a collision in a file.
SHA-1 is used in digital certificates (TLS) and code signing applications. By taking advantage of SHA-1, a potential attacker could spoof content, perform phishing attacks, or perform ôman-in-the-middleö attacks.
Anticipating a point in time when there would be capability to create a practical ôcollision,ö Microsoft has been working with the industry since 2012 to encourage customers and partners to phase out the SHA-1 hash algorithm. WeÆve also provided guidance to consumers and developers about the possible risk when they encounter websites and downloads that use SHA-1. The research and creation of an example provides a way for organizations to assess what additional protections they could consider to protect against these types of potential security threats.
WeÆre proud of the work Microsoft researchers have done in collaboration with external experts on cryptanalysis over the years. Specifically, DanÆs research has focused on hash collision detection, and he co-created code that can be used to check files for the cryptanalytic collision attack on SHA-1 noted in the report. Dan partnered with Marc Stevens of Centrum Wiskunde & Informatica (CWI), and they made the code publicly available online in various places, including on GitHub (
http://tinyurl.com/jcg2t36 ), starting in 2015. The code is a performance improvement of the previous concept of counter-cryptanalysis to detect potential SHA-1 collision attacks using a single file from a colliding file pair.
As predicted years ago, todayÆs news is further evidence that use of SHA-1 as an encryption technology is at its end. For those already on the path away from SHA-1, we recommend they stay the course and accelerate where possible if they depend on SHA-1 in critical encryption scenarios.
Learn more about our SHA-1 plan via TechNet here (
http://tinyurl.com/hf6lcgw ) or our developer blog here (
http://tinyurl.com/zytvuhp ).
Phillip Misner, Principal Security Group Manager, Microsoft Security Response Center
link :
http://tinyurl.com/hhqj4co
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games