Skip to main content
  1. Home
  2. Computing
  3. Features

A common form of web encryption has been shattered, but it might be for the best

Add as a preferred source on Google

When a paper demonstrating the first known SHA-1 collision was published last month, it caused quite a stir among the tech community. SHA-1 is still an extremely popular form of encryption, and breaking it wide open could expose a wealth of sensitive information.

“It’s moved from a theoretical attack, to a provable, real-world attack with proofs of concept that are out there in the wild,” said Brian Hanrahan, product manager as endpoint security specialist Avecto, speaking to Digital Trends on the telephone. “So, the probability of someone out there leveraging a SHA-1 collision attack has increased exponentially, because now there’s code that shows how to do it.”

Recommended Videos

When Google releases the source code behind its findings, anyone who wanted to force a collision for malicious purposes could use it as a template. That sounds dangerous – but is it really the threat it’s made out to be?

The Collision

“I do think that there’s a lot of panic around this, when there probably oughtn’t be,” said Tod Beardsley, the director of research at security engineering firm Rapid7. “Can criminals run out and use this attack to steal money?  I don’t see an application like that.”

“These collisions in SHA-1 required the attackers to have control of both the ‘good’ data and the ‘bad’ data,” Beardsley explained, referring to the two PDF documents that were forced to ‘collide,’ occupying the same SHA-1 hash. “When you control both, it’s kind of game over if you don’t trust that person.”

The paper demonstrated how to cause a collision between two hashes, but both documents were in control of the researchers. In terms of carrying out an attack, this isn’t as useful as being able to force a collision with a hash controlled by someone else.

Beardsley told us of a scenario where someone might want to inject ‘evil code’ into Linux. A SHA-1 collision could be used to do so, but carrying out such an attack would still require impersonation of a trusted user to have control over an iteration of the code. While not impossible, the complexity of the task means it would probably be possible only by the largest and most skilled hacking organizations.

Still, a company like Google wouldn’t invest time and effort into its collaborative research with the Centrum Wiskunde & Informatica for no good reason. Though a widespread attack that uses a SHA-1 collision isn’t necessarily imminent, this is important work that will help push internet security standards forward.

A Nudge in the Right Direction

“We’ve had some time, right?” said Beardsley. “We’ve seen this coming down the road. And this is going be the case for many hashing algorithms. As time goes on, and science gets better, and computers get cheaper, we’re going to find that hashing algorithms will fall over in some cases.”

For the last few years, it’s been clear that SHA-1 was on borrowed time. The companies behind major web browsers like Chrome, Safari, Firefox, and Internet Explorer have already started putting their deprecation plans into action.

“It was around late 2012, early 2013, when all the browser manufacturers got together and said, ‘this is not gonna work anymore, let’s start phasing out certificates that use SHA-1 hashing to validate that the server’s real,’” explained Beardsley. “That all was happening up until December 31 of last year, that’s the point where we were supposed to be all off SHA-1 certificates.”

SHA256 Code Animation

“People are aggressively moving to SHA-256; Microsoft, Google, all of the major technology companies have been doing that,” said Hanrahan. “I think the impetus that’s going to drive people to do it faster now is that there’s a proven, real-world attack.”

Evidence of the SHA-1 collision, which was published online under the catchy SHAttered moniker to ensure maximum visibility, is of critical importance to the continued effort to transition away from the algorithm. While we’ve known that SHA-1 was theoretically unsafe for some time, it takes more than potential threats to prompt the widespread action necessary to facilitate large-scale deprecation.

The possibility of a SHA-1 collision wasn’t enough to make companies as powerful as Microsoft and Google to enforce the switchover to SHA-2. The paper published last month, which makes it a reality, will hopefully force the issue, as with the source code out in the open, SHA-1 is something of a sitting duck — even if it is unlikely that attackers would choose to abuse its weaknesses over another, easier strategy.

But why would anyone want to keep SHA-1 in place?

Inertia and the Legacy Problem

When I asked Tod Beardsley why it was so difficult to retire hashing technology like SHA-1, he laughed. “It’s kind to say difficult, I think it’s impossible,” he explained. “I still use MD5 for things, and MD5 has been dead forever. When it comes down to it, in most cases, it’s good enough — this will set cryptographers’ teeth on edge, saying things like that, but that’s kind of the reality of those implementations,” said Beardsley. “I think you have a lot of inertia, when something kind of, mostly, works. It kind of still mostly works. That would describe the whole internet: the internet kind of, mostly, works.”

You can’t go back to software houses that are out of business and ask them to generate a SHA-2 hash.

It’s a classic case of ‘if it ain’t broke, don’t fix it,’ except in this case, the thing in question is very old, and would break if it was struck by a strong wind. Still, it’s inconvenient to replace SHA-1 with something else, especially while it’s still in working order. And there’s another reason why SHA-1 won’t be wiped from the face of the earth completely any time soon. It’s used to hash software, which is far more stoic than the living, breathing internet.

“The legacy problem is really what needs to be dealt with,” said Hanrahan. “For software that’s been generated in the past, and for which there’s only a SHA-1 hash, you can generate a SHA-256 hash for those files, or whatever entity you’re trying to identify — but you have to start with a known, trusted source.”

He gives the example of writing and compiling a piece of software on his computer, right now. He could hash it with MD5, SHA-1, or SHA-256, and at that time, he would be certain that the hashes relate specifically to that piece of software. However, if he were to compile the software and send it to another person, they would have no way of verifying what the hash was when he created the software. They could produce a SHA-256 hash, but they would have no way of being completely sure that the software hasn’t been tampered with beforehand.

Image used with permission by copyright holder

“You can’t go back in time to software houses that are already out of business and ask them to generate a new SHA-2 hash for software that they created 25 years ago,” he explained.

In most cases, you would likely be safe to assume that the SHA-1 hash is legitimate, and generate a SHA-2 hash for that software. However, now that last month’s paper has outlined a way to force a collision between two SHA-1 hashes, there’s an element of doubt. “Using SHA-1 to verify a binary is no longer considered absolutely precise and perfect,” added Hanrahan.

Evidently, this kind of change in security standards doesn’t come easy. And once SHA-1 has been phased out in favor of SHA-2, what’s to stop the powers that be pushing for a move to SHA-3? Couldn’t this game of catch-up go on indefinitely? No — and we have math to thank for that.

What’s next, and the quantum problem

“With regards to SHA-2, if you think about the enormous computing power that it takes to break a SHA-1 based certificate, it’s not like we’re doubling it to go to SHA-2,” said Hanrahan. “It’s an exponential difference in the amount of computing power that would be required.”

“Quantum computing also, incidentally, breaks all existing cryptography”

SHA-2 is the successor to SHA-1, and consists of six different functions with varying hash values. “It’s not like tomorrow they’re going to turn around and say, ‘oh, we broke SHA-2 now,’ because it’s a computing power problem,” Hanrahan added. “It’s taken basically all the computer power they have to generate one collision for SHA-1, and to show how to do it.”

Outside of vulnerabilities that are being kept secret, it seems that SHA-2 will be sufficient for current hardware. However, when our computers take their next evolutionary step, cryptography must do the same. Quantum computing will change all the rules when it’s practical, according to Beardsley.

“Quantum cryptography tends to favor the secret keeper, rather than the breaker — the cryptoanalyst,” he said. “According to what we know about math today, that seems to be the endpoint. We can’t really see beyond that.”

The advent of the quantum computer will make the upheaval caused by the transition from SHA-1 to SHA-2 look miniscule. “[Quantum computing] also, incidentally, breaks all existing cryptography, but from that point on, things get pretty good for the secret keepers.”

Still, once SHA-1 has been deprecated, SHA-2 should be able to keep things safe and secure until the quantum future arrives. That’s why the research carried out by Google and the Centrum Wiskunde & Informatica is so important. It’s not that SHA-1 is going to used to facilitate an attack imminently, but with a better successor already available, it’s good to encourage companies to use it. That will keep our data safer, and better protect against attacks that would give us real reason to panic.

Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more
Microsoft is finally fixing the worst thing about Windows Search, but you can’t try it just yet
Windows Insiders in the Experimental channel are getting a Search experience that finally feels less of a billboard and more of what users actually need.
Page, Text, Person

Windows Search has been a mess for years, and I do not use that word lightly. Open it to find a file, and you get trending Bing topics, Microsoft Store promotions, and an AI tools tile that just opens a browser. 

That is changing, but not immediately for all users. Microsoft is rolling out a batch of Windows Search improvements to Insiders in the Experimental channel, and for once, this isn't just a fresh coat of paint.

Read more
Apple doesn’t want to share this AirPods feature with Meta, but the EU may force its hand
Spring 2027, EU only, built under DMA pressure.
The front of the Ray-Ban Meta smartglasses.

I’ve been an AirPods user for the last four years, and one of the things that makes it genuinely hard to leave behind is the seamless, almost magical pairing experience across devices. Open an AirPods case near your iPhone, and a pop-up appears within seconds. Switch to your Mac and the audio follows. 

However, the experience is limited only to Apple devices. Doesn’t matter whether you have one of the coolest pieces of tech on the market right now; if it’s not Apple, it won’t get the same treatment. However, that might change for the Meta Quest or the Ray-Ban Meta glasses, thanks to pressure from the EU. 

Read more