Hash snag: Security shamans shame SHA-1 standard, confirm crucial collisions citing circa $45k chip cost

Unsafe hashing algorithm really is unsafe


SHA-1 stands for Secure Hash Algorithm, but version 1, developed in 1995, isn't secure at all. It has been vulnerable in theory since 2004, though it took until 2017 for researchers at CWI Amsterdam and Google to demonstrate a practical, if somewhat costly, collision attack.


Last year, crypto-boffins Gaëtan Leurent, from Inria in France, and Thomas Peyrin, from Nanyang Technological University in Singapore, proposed a more robust technique, a chosen-prefix collision attack.


And this week, at the Real World Crypto Symposium in the US, they described how they made it work.


"This more powerful attack allows to build colliding messages with two arbitrary prefixes, which is much more threatening for real protocols," said L ..
