Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Research paper provides evidence of first known SHA-1 collision

Add as a preferred source on Google

SHA-1 is a cryptographic hash function that underpins various security applications and protocols to help keep the internet safe. Experts, however, have warned for years that it’s out of date. Now, evidence of the first known “collision” of two files with the same SHA-1 hash has demonstrated that the function is no longer safe to use.

A collision refers to an event where two separate files or messages produce the same cryptographic hash, which malicious entities can use to feign authentication  and facilitate an attack. While this has been observed before in relation to other hash algorithms, this is the first time that two SHA-1 hashes have collided, according to a report from Ars Technica.

Recommended Videos

SHA1 was officially deprecated by the National Institute of Standards and Technology in 2011, but the algorithm is still in use despite doubts about its security. In November 2016, Microsoft joined Google and Mozilla in making preparations to start blocking sites that use SHA-1 protection.

paper that was published Thursday demonstrates that SHA-1 is unsafe as of right now, and should be retired immediately. The paper is the result of two years of collaborative work undertaken by the Centrum Wiskunde & Informatica, a national research center in Amsterdam, and Google’s security, privacy, and anti-abuse research group.

It would take a great deal of computing power to carry out an attack that takes advantage of an SHA-1 collision — however, that kind of muscle is ready available, as long as the perpetrators have enough financial backing. The paper states that an attack could be performed using Amazon Web Services for as little as $110,000.

Google’s disclosure policy dictates that source code used to perform the collision detailed in the paper will be released in 90 days. As a result, the sites and services that still use SHA-1 hashing will need to discontinue their usage of the algorithm before that date, as those materials will make it much easier for an attack to be carried out.

Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Valve just gave away the blueprint for its coolest Steam Machine mod
Valve giving away the recipe instead of the dish, and honestly, we're okay with it.
Valve Steam Machine Featured Design Coverplate

While Valve’s Steam Machine launched at a higher-than-expected price due to the AI-driven chip shortage, it seems that the company is not sitting on its haunches and is still working hard to make the product more enticing to users. 

One of the coolest features of the Steam Machine is the user-customizable front faceplate, and Valve has just made it better. The company open-sourced its "Inkterface" project, which allows users to build their own e-ink faceplate for the Steam Machine.

Read more
Brave’s new Container feature is a lifesaver for anyone juggling multiple accounts
With this feature, you won't need to open three different browsers
Brave browser 3D logo

Brave has added Containers to its desktop browser, giving users a built-in way to keep different accounts, sessions, and browsing activity separate. The feature is available in Brave 1.92 for Windows, macOS, and Linux, and is rolling out in phases over the next few days.

Containers have been a highly requested feature, especially for users who regularly switch between work, personal, developer, or creator accounts. Once enabled, they let users open tabs in separate spaces where cookies and site storage are not shared outside that container.

Read more
Intel may bring back older desktop CPUs because DDR5 is getting too expensive
Older Intel Core CPUs from 10th to 14th Gen may get a second life
Intel Core i5-12400F box sitting in front of a gaming PC.

Intel may be preparing an unusual response to the ongoing memory crunch. According to Chinese outlet ITHome, citing ChannelGate, the company’s latest production plan includes restarting production of 13th-gen and 14th-gen Core processors.

The move is expected to increase supply across Intel’s 10th, 12th, 13th, and 14th Gen CPU families, especially in mainland China. For DIY PC builders, the timing is important. DDR5 memory prices have climbed sharply, making newer platforms harder to justify for anyone trying to build an affordable gaming PC.

Read more