Research paper provides evidence of first known SHA-1 collision

russian hackers
SHA-1 is a cryptographic hash function that underpins various security applications and protocols to help keep the internet safe. Experts, however, have warned for years that it’s out of date. Now, evidence of the first known “collision” of two files with the same SHA-1 hash has demonstrated that the function is no longer safe to use.

A collision refers to an event where two separate files or messages produce the same cryptographic hash, which malicious entities can use to feign authentication  and facilitate an attack. While this has been observed before in relation to other hash algorithms, this is the first time that two SHA-1 hashes have collided, according to a report from Ars Technica.

SHA1 was officially deprecated by the National Institute of Standards and Technology in 2011, but the algorithm is still in use despite doubts about its security. In November 2016, Microsoft joined Google and Mozilla in making preparations to start blocking sites that use SHA-1 protection.

paper that was published Thursday demonstrates that SHA-1 is unsafe as of right now, and should be retired immediately. The paper is the result of two years of collaborative work undertaken by the Centrum Wiskunde & Informatica, a national research center in Amsterdam, and Google’s security, privacy, and anti-abuse research group.

It would take a great deal of computing power to carry out an attack that takes advantage of an SHA-1 collision — however, that kind of muscle is ready available, as long as the perpetrators have enough financial backing. The paper states that an attack could be performed using Amazon Web Services for as little as $110,000.

Google’s disclosure policy dictates that source code used to perform the collision detailed in the paper will be released in 90 days. As a result, the sites and services that still use SHA-1 hashing will need to discontinue their usage of the algorithm before that date, as those materials will make it much easier for an attack to be carried out.

Emerging Tech

Google’s radar-sensing tech could make any object smart

Computer scientists have shown how Google’s Soli sensor can be used to make dumb objects smart. Here's why radar-powered computing could finally make the dream of smart homes a reality.
Emerging Tech

A.I. finds non-infringing ways to copy drugs pharma spends billions developing

Researchers have demonstrated an artificial intelligence which can find new methods for producing existing pharmaceuticals in a way that doesn’t infringe on existing patents. Here's how.
Emerging Tech

ANYmal dog robot can get back on its feet when someone pushes it over

Roboticists at ETH Zurich have demonstrated how their ANYmal four-legged robot is capable of taking a kicking and keeping on walking -- or getting back to its feet if it's pushed over.
Emerging Tech

Awesome Tech You Can’t Buy Yet: camera with A.I. director, robot arm assistant

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!

It's not all free money. Here's what to know before you try to mine Bitcoin

Mining Bitcoin today is harder than it used to be, but if you have enough time, money, and cheap electricity, you can still turn a profit. Here's how to get started mining Bitcoin at home and in the cloud.

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. This list of the best free drawing software is just as powerful as some of the more expensive offerings.

Want a Dell laptop with an RTX 2060? Cross the new XPS 15 off your list

The next iteration of Dell's XPS 15 laptop won't come with an option for an RTX 2060, according to Alienware's Frank Azor. You could always opt for a new Alienware m15 or m17 instead.

What is fixed wireless 5G? Here’s everything you need to know

Here's fixed wireless 5G explained! Learn what you need to know about this effective new wireless technology, when it's available, how much it costs, and more. If you're thinking about 5G, this guide can help!

Fix those internet dead zones by turning an old router into a Wi-Fi repeater

Is there a Wi-Fi dead zone in your home or office? A Wi-Fi repeater can help. Don't buy a new one, though. Here is how to extend Wi-Fi range with another router you have lying around.

Heal your wrist aches and pains with one of these top ergonomic mice

If you have a growing ache in your wrist, it might be worth considering ergonomic mice alternatives. But which is the best ergonomic mouse for you? One of these could be the ticket to the right purchase for you.

These are the best indie games you can get on PC right now

Though many indie games now come to consoles as well, there's still a much larger selection on PC. With that in mind, we've created a list of the best indie games for PC, with an emphasis on games that are only available on PC.

Want a MacBook that will last all day on a single charge? Check these models out

Battery life is one of the most important factors in buying any laptop, especially MacBooks. Their battery life is typically average, but there are some standouts. Knowing which MacBook has the best battery life can be rather useful.

Always have way too many tabs open? Google Chrome might finally help

Google is one step closer to bringing tab groups to its Chrome browser. The feature is now available in Google's Chrome Canady build with an early implementation that can be enabled through its flag system.

Here's how to convert a Kindle book to PDF using your desktop or the web

Amazon's Kindle is one of the best ebook readers on the market, but it doesn't make viewing proprietary files on other platforms any easier. Here's how to convert a Kindle book to PDF using either desktop or web-based applications.