SHA-1 has long been discredited for known weaknesses.
SHA-1 has long been discredited for known weaknesses.

Researchers out to demonstrate inherent weaknesses in the SHA-1 internet security standard announced they had broken the legacy cryptographic algorithm using a so-called collision attack.

SHA-1 has long been discredited for known weaknesses, but the newly unveiled research illustrates its susceptibility to previously unknown security infractions. Going beyond theoretical probabilities, the demonstration proves that systems still using SHA-1 to verify transactions are at risk.

The "cryptographic hash function" is a mathematical algorithm that uses a 40-character string to represent a digital object to secure credit card transactions, electronic documents, GIT open-source software repositories and software distribution. No two "digests" should be the same.

But, owing to an effort between the Cryptology Group at Centrum Wiskunde & Informatica – a Dutch research institute for mathematics and computer science – and the Google Research Security, Privacy and Anti-abuse Group, a cryptanalytic attack was developed to illustrate how a SHA-1 signature produced for one file could be misused as a valid signature for any other colliding file.

"Moving forward, it's more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3," the Google researchers stated on a blog post.

"The news of Google's successful attacks against SHA-1 is certainly lighting up the cryptography circles on Twitter and the rest of the internet, and to be sure, there are plenty of applications that still rely on SHA-1 for ensuring the uniqueness of data," Tod Beardsley, director of research at Rapid7, told SC Media on Thursday. "After all, once a technology becomes commonplace on the internet, it's nigh impossible to stamp it out, even in the face of overwhelming evidence of its insecurity."

However, Beardsley says he's not quite ready to panic over this finding just yet as SHA-1 has been on a death watch for years. Google, Microsoft, Apple and Mozilla have all banded together to stamp out SHA-1 hashed SSL certificates for websites, and it's rare to run into one today, he says. "I do worry a little about non-browser implementations of SSL/TLS (such as those used by IoT devices to talk to each other and cloud hosted APIs), but the attack surface here is significantly smaller than, say, the Heartbleed vulnerabilities when those were announced.” 

Google's announcement just confirms what is already known: SHA-1 is simply not secure, Kevin Bocek, chief security strategist for Venafi, told SC Media on Thursday. "Attacks against SHA-1 are no longer science fiction. Unfortunately, despite the dangers, many organizations are just not reacting quickly.”

The fact is, in November Venafi research found that 35 percent of organizations were still using SHA-1 certificates. "These companies might as well put up a welcome sign for hackers that says, ‘We don't care about the security of our applications, data and customers',” Bocek said.

But, other experts recognize a silver lining. Ivan Ristic, SSL Labs founder at Qualys, told SC Media on Friday that while this collision is unsurprising, it's an important accomplishment for the security community.

"Back in 2008, the MD5 hash function remained in use although its weaknesses had been widely understood," Ristic said. "It took a team of researchers to demonstrate a practical collision – against a genuine certification authority – for MD5 to finally be retired. It seems that we've learned our lesson." With SHA1, Microsoft announced the deprecation in late 2013, and later Google, other browser vendors, and CAs did their bit to transition away to stronger hash algorithms over the course of two years, by the end of 2015, Ristic pointed out. "Because of all that work and heightened public awareness, this first practical collision didn't surprise anyone, and comes at a time when SHA1 is no longer needed for public communication."

The security researchers should be congratulated for their continued work on shining light on weaknesses in SHA1, he added, "but we shouldn't forget that we, as a community, did very well."