
A common form of web encryption has been shattered, but it might be for the best

When a paper demonstrating the first known SHA-1 collision was published last month, it caused quite a stir among the tech community. SHA-1 is still an extremely popular hashing algorithm, and breaking it wide open could expose a wealth of sensitive information.

“It’s moved from a theoretical attack, to a provable, real-world attack with proofs of concept that are out there in the wild,” said Brian Hanrahan, product manager at endpoint security specialist Avecto, speaking to Digital Trends on the telephone. “So, the probability of someone out there leveraging a SHA-1 collision attack has increased exponentially, because now there’s code that shows how to do it.”


When Google releases the source code behind its findings, anyone who wanted to force a collision for malicious purposes could use it as a template. That sounds dangerous – but is it really the threat it’s made out to be?

The Collision

“I do think that there’s a lot of panic around this, when there probably oughtn’t be,” said Tod Beardsley, the director of research at security engineering firm Rapid7. “Can criminals run out and use this attack to steal money? I don’t see an application like that.”

“These collisions in SHA-1 required the attackers to have control of both the ‘good’ data and the ‘bad’ data,” Beardsley explained, referring to the two PDF documents that were forced to ‘collide,’ occupying the same SHA-1 hash. “When you control both, it’s kind of game over if you don’t trust that person.”

The paper demonstrated how to cause a collision between two hashes, but both documents were in control of the researchers. In terms of carrying out an attack, this isn’t as useful as being able to force a collision with a hash controlled by someone else.
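The gap between colliding two documents you control and matching a hash that someone else fixed can be measured on a toy scale. The following is an added example, not code from the paper or this article: it truncates SHA-1 to an assumed 16 bits so both generic brute-force searches finish quickly (this is not the SHAttered technique), and the function names and sample inputs are constructed.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy size; real SHA-1 output is 160 bits


def toy_hash(data: bytes) -> int:
    """SHA-1 truncated to BITS bits so the searches below finish quickly."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - BITS)


def find_collision():
    """Searcher controls BOTH messages: stop at the first repeated toy hash."""
    seen = {}
    for tries in count(1):
        msg = b"doc-%d" % tries
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_second_preimage(target: bytes):
    """Someone else fixed the message: the search must hit that one toy hash."""
    goal = toy_hash(target)
    for tries in count(1):
        msg = b"forged-%d" % tries
        if msg != target and toy_hash(msg) == goal:
            return msg, tries


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    forged, n_pre = find_second_preimage(b"release-1.0 (constructed sample)")
    print(f"collision, both inputs chosen: {n_coll} hashes ({a!r} vs {b!r})")
    print(f"second preimage, one input fixed: {n_pre} hashes ({forged!r})")
    print(f"expected scale: about 2^{BITS // 2} versus about 2^{BITS}")
```

At full size the same asymmetry is 2^80 against 2^160 for generic search, which is why a published collision does not by itself let anyone match the hash of a file they did not create.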

Beardsley told us of a scenario where someone might want to inject ‘evil code’ into Linux. A SHA-1 collision could be used to do so, but carrying out such an attack would still require impersonation of a trusted user to have control over an iteration of the code. While not impossible, the complexity of the task means it would probably be possible only by the largest and most skilled hacking organizations.

Still, a company like Google wouldn’t invest time and effort into its collaborative research with the Centrum Wiskunde & Informatica for no good reason. Though a widespread attack that uses a SHA-1 collision isn’t necessarily imminent, this is important work that will help push internet security standards forward.

A Nudge in the Right Direction

“We’ve had some time, right?” said Beardsley. “We’ve seen this coming down the road. And this is going to be the case for many hashing algorithms. As time goes on, and science gets better, and computers get cheaper, we’re going to find that hashing algorithms will fall over in some cases.”

For the last few years, it’s been clear that SHA-1 was on borrowed time. The companies behind major web browsers like Chrome, Safari, Firefox, and Internet Explorer have already started putting their deprecation plans into action.

“It was around late 2012, early 2013, when all the browser manufacturers got together and said, ‘this is not gonna work anymore, let’s start phasing out certificates that use SHA-1 hashing to validate that the server’s real,’” explained Beardsley. “That all was happening up until December 31 of last year, that’s the point where we were supposed to be all off SHA-1 certificates.”


“People are aggressively moving to SHA-256; Microsoft, Google, all of the major technology companies have been doing that,” said Hanrahan. “I think the impetus that’s going to drive people to do it faster now is that there’s a proven, real-world attack.”

Evidence of the SHA-1 collision, which was published online under the catchy SHAttered moniker to ensure maximum visibility, is of critical importance to the continued effort to transition away from the algorithm. While we’ve known that SHA-1 was theoretically unsafe for some time, it takes more than potential threats to prompt the widespread action necessary to facilitate large-scale deprecation.

The possibility of a SHA-1 collision wasn’t enough to make companies as powerful as Microsoft and Google enforce the switchover to SHA-2. The paper published last month, which makes it a reality, will hopefully force the issue: with the source code out in the open, SHA-1 is something of a sitting duck, even if it is unlikely that attackers would choose to abuse its weaknesses over another, easier strategy.

But why would anyone want to keep SHA-1 in place?

Inertia and the Legacy Problem

When I asked Tod Beardsley why it was so difficult to retire hashing technology like SHA-1, he laughed. “It’s kind to say difficult, I think it’s impossible,” he explained. “I still use MD5 for things, and MD5 has been dead forever. When it comes down to it, in most cases, it’s good enough — this will set cryptographers’ teeth on edge, saying things like that, but that’s kind of the reality of those implementations,” said Beardsley. “I think you have a lot of inertia, when something kind of, mostly, works. It kind of still mostly works. That would describe the whole internet: the internet kind of, mostly, works.”


It’s a classic case of ‘if it ain’t broke, don’t fix it,’ except in this case, the thing in question is very old, and would break if it was struck by a strong wind. Still, it’s inconvenient to replace SHA-1 with something else, especially while it’s still in working order. And there’s another reason why SHA-1 won’t be wiped from the face of the earth completely any time soon. It’s used to hash software, which is far more stoic than the living, breathing internet.

“The legacy problem is really what needs to be dealt with,” said Hanrahan. “For software that’s been generated in the past, and for which there’s only a SHA-1 hash, you can generate a SHA-256 hash for those files, or whatever entity you’re trying to identify — but you have to start with a known, trusted source.”

He gives the example of writing and compiling a piece of software on his computer, right now. He could hash it with MD5, SHA-1, or SHA-256, and at that time, he would be certain that the hashes relate specifically to that piece of software. However, if he were to compile the software and send it to another person, they would have no way of verifying what the hash was when he created the software. They could produce a SHA-256 hash, but they would have no way of being completely sure that the software hasn’t been tampered with beforehand.


“You can’t go back in time to software houses that are already out of business and ask them to generate a new SHA-2 hash for software that they created 25 years ago,” he explained.

In most cases, you would likely be safe to assume that the SHA-1 hash is legitimate, and generate a SHA-2 hash for that software. However, now that last month’s paper has outlined a way to force a collision between two SHA-1 hashes, there’s an element of doubt. “Using SHA-1 to verify a binary is no longer considered absolutely precise and perfect,” added Hanrahan.
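One way to carry out the re-hashing Hanrahan describes, as an added example that is not from the article or any vendor's tooling: a SHA-256 record is written only for files that still match a SHA-1 value obtained from a known, trusted source, and everything else is rejected with a reason. The file names, the record layout, and the `rebaseline` and `demo` helpers are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def digests(path, chunk=1 << 16):
    """Read the file once and return (sha1_hex, sha256_hex)."""
    h1, h256 = hashlib.sha1(), hashlib.sha256()
    with path.open("rb") as fh:
        while block := fh.read(chunk):
            h1.update(block)
            h256.update(block)
    return h1.hexdigest(), h256.hexdigest()


def rebaseline(root, trusted_sha1):
    """Return (accepted, rejected); accept only files the trusted SHA-1 vouches for."""
    accepted, rejected = {}, {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        name = path.relative_to(root).as_posix()
        sha1, sha256 = digests(path)
        expected = trusted_sha1.get(name)
        if expected is None:
            rejected[name] = "no trusted SHA-1 on record"
        elif expected.lower() != sha1:
            rejected[name] = "SHA-1 differs from trusted record"
        else:
            accepted[name] = {"sha256": sha256, "vouched_by_sha1": sha1}
    for name in sorted(set(trusted_sha1) - set(accepted) - set(rejected)):
        rejected[name] = "listed in trusted record but file missing"
    return accepted, rejected


def demo():
    """Run rebaseline() over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "legacy.bin").write_bytes(b"constructed legacy binary")
        (root / "patched.bin").write_bytes(b"constructed tampered binary")
        (root / "stray.bin").write_bytes(b"constructed unknown file")
        trusted = {  # constructed stand-in for hashes from the trusted source
            "legacy.bin": hashlib.sha1(b"constructed legacy binary").hexdigest(),
            "patched.bin": hashlib.sha1(b"constructed original binary").hexdigest(),
            "gone.bin": "0" * 40,
        }
        return rebaseline(root, trusted)
```

Each accepted record keeps the SHA-1 value that vouched for it, so the new SHA-256 entry can be traced back to the trusted source it inherited its trust from.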

Evidently, this kind of change in security standards doesn’t come easy. And once SHA-1 has been phased out in favor of SHA-2, what’s to stop the powers that be pushing for a move to SHA-3? Couldn’t this game of catch-up go on indefinitely? No — and we have math to thank for that.

What’s next, and the quantum problem

“With regards to SHA-2, if you think about the enormous computing power that it takes to break a SHA-1 based certificate, it’s not like we’re doubling it to go to SHA-2,” said Hanrahan. “It’s an exponential difference in the amount of computing power that would be required.”


SHA-2 is the successor to SHA-1, and consists of six different functions with varying hash values. “It’s not like tomorrow they’re going to turn around and say, ‘oh, we broke SHA-2 now,’ because it’s a computing power problem,” Hanrahan added. “It’s taken basically all the computer power they have to generate one collision for SHA-1, and to show how to do it.”

Outside of vulnerabilities that are being kept secret, it seems that SHA-2 will be sufficient for current hardware. However, when our computers take their next evolutionary step, cryptography must do the same. Quantum computing will change all the rules when it’s practical, according to Beardsley.

“Quantum cryptography tends to favor the secret keeper, rather than the breaker — the cryptoanalyst,” he said. “According to what we know about math today, that seems to be the endpoint. We can’t really see beyond that.”

The advent of the quantum computer will make the upheaval caused by the transition from SHA-1 to SHA-2 look minuscule. “[Quantum computing] also, incidentally, breaks all existing cryptography, but from that point on, things get pretty good for the secret keepers.”

Still, once SHA-1 has been deprecated, SHA-2 should be able to keep things safe and secure until the quantum future arrives. That’s why the research carried out by Google and the Centrum Wiskunde & Informatica is so important. It’s not that SHA-1 is going to be used to facilitate an attack imminently, but with a better successor already available, it’s good to encourage companies to use it. That will keep our data safer, and better protect against attacks that would give us real reason to panic.

Brad Jones
Former Digital Trends Contributor