[Infowarrior] - Announcing the first SHA1 collision

Richard Forno rforno at infowarrior.org
Thu Feb 23 08:35:07 CST 2017


(c/o KM)

Announcing the first SHA1 collision
February 23, 2017

Cryptographic hash functions like SHA-1 are a cryptographer’s swiss army knife. You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage. Hash functions compress large amounts of data into a small message digest. As a cryptographic requirement for wide-spread use, finding two messages that lead to the same digest should be computationally infeasible. Over time however, this requirement can fail due to attacks on the mathematical underpinnings of hash functions or to increases in computational power.

Today, 10 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.

< - >

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html


More information about the Infowarrior mailing list