Around two years back we talked about how to upgrade to SHA-256 and ECC SSL (ECDSA) certificates for TLS/SSL certificate users. Secure Hash Algorithm 1 (SHA-1) is a cryptographic hash function, and it has now been circumvented by Google Research to test its vulnerability. Researchers have theorised vulnerabilities in SHA-1 since 2005, and these have now been exploited for the first time with an unusual technique.
The Story Behind Secure Hash Algorithm 1 (SHA-1) Circumvented by Google
The SHA-1 hash algorithm has been around for about twenty years. It was designed in 1995 by the National Security Agency (NSA) and has been repeatedly audited by security experts since 2005 for several theoretical vulnerabilities. In 2011 the flaws highlighted by analysts led to SHA-1 being officially declared dead, but despite that, the SHA-1 hash algorithm is still widely used.
The Google security researchers are about to publish a detailed report on the first collision attack successfully carried out against the algorithm. What is it exactly? The Google team has succeeded in discovering the first practical method of generating a collision.
Using a collision attack, the researchers were able to create an illegitimate file that has the same SHA-1 hash as a legitimate file. The potential of the flaw is obvious: deceiving a system by presenting a malicious file as authorised would open new attack scenarios on the Web.
In practice, SHA-1 should no longer be used for digital signatures, file integrity, or file identification. Everyone should migrate to safe standards before real-world attacks happen. With time, better and faster computing power will become cheaper, and attackers will be more capable of exploiting vulnerabilities than is commonly expected.
The resources needed for a SHA-1 collision attack are not available to everyone. The researchers expect that the release of the paper will accelerate the migration from SHA-1 to more secure solutions such as SHA-256 and SHA-3. An attack against SHA-1 will finally convince the industry to move urgently to safer alternatives like SHA-256. Within 90 days, SHA-1 will be easy to circumvent for anyone with adequate computing resources and the experience to launch the attack. Some have opined that not only Google but also governmental agencies have the systems and personnel to break it.
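
As an added example (not from the original article or from Google's report), here is one way to act on the file-integrity advice above: the Python code audits a sha1sum/sha256sum-style checksum manifest, flags entries that still rely on SHA-1, verifies the rest with SHA-256, and builds a SHA-256 replacement manifest. The function names, status strings and sample file names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Hex digest length identifies the algorithm: 40 chars = SHA-1, 64 = SHA-256.
ALGO_BY_LEN = {40: "sha1", 64: "sha256"}
ENTRY = re.compile(r"^([0-9a-fA-F]+)\s+\*?(.+)$")  # "<hex>  <name>" as in sha256sum output

def audit_manifest(manifest_text, files):
    """Return {name: status} for each manifest entry.

    files maps name -> bytes (an in-memory stand-in for reading from disk).
    """
    results = {}
    for line in manifest_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        digest, name = m.group(1).lower(), m.group(2)
        algo = ALGO_BY_LEN.get(len(digest))
        if algo is None:
            results[name] = "unknown-digest"
        elif name not in files:
            results[name] = "missing"
        elif algo == "sha1":
            # Even a matching SHA-1 no longer proves this is the original file.
            results[name] = "weak-sha1"
        elif hmac.compare_digest(hashlib.sha256(files[name]).hexdigest(), digest):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results

def sha256_manifest(files):
    """Build a replacement manifest from trusted copies of the files."""
    return "\n".join(f"{hashlib.sha256(data).hexdigest()}  {name}"
                     for name, data in sorted(files.items()))

if __name__ == "__main__":
    # Constructed sample data, not taken from the article.
    files = {"installer.bin": b"release build 1.0", "notes.txt": b"changelog"}
    legacy = f"{hashlib.sha1(files['installer.bin']).hexdigest()}  installer.bin"
    print(audit_manifest(legacy, files))  # flags the SHA-1 entry
    print(audit_manifest(sha256_manifest(files), files))
```

The replacement manifest should be generated from copies of the files obtained from a trusted source, not from files whose only prior check was a SHA-1 match.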