Google researchers have achieved a collision attack against SHA-1, producing two distinct PDF files that have the same SHA-1 hash. The weakness of SHA-1 has been known for some time, but this demonstrates that the algorithm’s use for security-sensitive functions should be discontinued as soon as possible. There are more details on Google’s blog here. IT security experts from Venafi and Rapid7 commented below.
Kevin Bocek, Chief Cybersecurity Strategist at Venafi:
“Google’s announcement just confirms what we already know – SHA-1 is simply not secure. This is no longer science fiction. Unfortunately, despite the dangers, organisations are just not reacting. The time to eradicate SHA-1 digital certificates is now and it needs to be eradicated everywhere – from the public Internet to the deepest parts of private networks and datacenters. Procrastination is just a recipe for disaster with code enabling being made available soon to replicate the attacks.
In November our research found that 35% of organisations were still using SHA-1 certificates. In the light of this news, they might as well put up a welcome sign for hackers that says, ‘We don’t care about the security of our applications, data, and customers’. Worryingly, the average organisation has over 23,000 keys and certificates and most lack the tools or visibility to find all the ones using SHA-1 in their environment. And over two thirds of these are unknown until security teams go hunting. We are already past the SHA-1 deprecation deadline and the longer the problem goes unaddressed, the greater the potential damage that SHA-1 could cause.”
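As an added illustration of the inventory problem described above (this is example code written for this page, not code from the article, Google, Venafi or Rapid7): a stdlib-only Python auditor that walks the outer DER structure of each X.509 certificate in a PEM bundle and reports which ones are signed with a SHA-1-based algorithm. The certificates it is fed here are constructed skeletons produced by `constructed_cert_pem`, which carry a real AlgorithmIdentifier but placeholder tbsCertificate and signature fields; the function and fixture names are assumptions of this example, while the OIDs are the standard values for those algorithms.

```python
import base64
import re

# Standard OIDs for common X.509 signature algorithms.
SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10040.4.3": "dsa-with-sha1",
}


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value):
    """Decode the contents of a DER OBJECT IDENTIFIER into dotted form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                   # last byte of a base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def pem_to_der(pem):
    """Strip PEM armour and base64-decode one certificate."""
    body = re.sub(r"-----(BEGIN|END) [A-Z ]+-----", "", pem)
    return base64.b64decode("".join(body.split()))


def signature_algorithm(der):
    """Return the dotted OID of the outer signatureAlgorithm of a certificate.
    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }"""
    tag, cert, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)        # tbsCertificate: skipped here
    tag, alg_id, _ = _read_tlv(cert, pos)   # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_bytes, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    return _decode_oid(oid_bytes)


def audit_pem_bundle(text):
    """Return one (oid, name, weak) tuple per certificate; weak means a SHA-1-based signature."""
    results = []
    for block in re.findall(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", text, re.S):
        oid = signature_algorithm(pem_to_der(block))
        name = SIGNATURE_OIDS.get(oid, "unknown")
        results.append((oid, name, "sha1" in name.lower()))
    return results


# ---- constructed test fixtures (not real certificates) --------------------------------

def _der(tag, payload):
    """Minimal DER TLV encoder with short- and long-form lengths."""
    if len(payload) < 128:
        return bytes([tag, len(payload)]) + payload
    lb = len(payload).to_bytes((len(payload).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        out.extend(chunk)
    return bytes(out)


def constructed_cert_pem(sig_oid):
    """CONSTRUCTED skeleton: placeholder tbsCertificate and signature, real AlgorithmIdentifier."""
    tbs = _der(0x30, _der(0x02, b"\x01"))                      # placeholder SEQUENCE { INTEGER 1 }
    alg = _der(0x30, _der(0x06, _encode_oid(sig_oid)) + _der(0x05, b""))
    sig = _der(0x03, b"\x00" * 161)                            # placeholder BIT STRING, long-form length
    b64 = base64.encodebytes(_der(0x30, tbs + alg + sig)).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    bundle = constructed_cert_pem("1.2.840.113549.1.1.5") + constructed_cert_pem("1.2.840.113549.1.1.11")
    for oid, name, weak in audit_pem_bundle(bundle):
        print(f"{oid:24} {name:24} {'WEAK: SHA-1 signature' if weak else 'ok'}")
```

Run against a real bundle (for example a directory of PEM files concatenated together), the `weak` flag marks the certificates that Bocek's comment says organisations are failing to find. Two caveats for a production auditor: a certificate carries the algorithm twice (in `tbsCertificate.signature` and in the outer `signatureAlgorithm`), and the two should agree; and a SHA-1 signature on a self-signed root matters far less than one on a leaf or intermediate, because a root is trusted by its presence in the store rather than by its signature. `openssl x509 -noout -text` prints the same `Signature Algorithm` field if you prefer to cross-check the output.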
Tod Beardsley, Director of Research at Rapid7:
“The news of Google’s successful attacks against SHA-1 is certainly lighting up the cryptography circles on Twitter and the rest of the internet, and to be sure, there are plenty of applications that still rely on SHA-1 for ensuring the uniqueness of data. After all, once a technology becomes commonplace on the internet, it’s nigh impossible to stamp it out, even in the face of overwhelming evidence of its insecurity.
However, I’m not quite ready to panic over this finding just yet. We’ve known that SHA-1 has been on a death watch for years; Google, Microsoft, Apple, and Mozilla have all banded together to stamp out SHA-1 hashed SSL certificates for websites, and it’s rare to run into one today. I do worry a little about non-browser implementations of SSL/TLS (such as those used by IoT devices to talk to each other and cloud hosted APIs), but the attack surface here is significantly smaller than, say, the Heartbleed vulnerabilities when those were announced.”