Google announces a method to create SHA1 collisions
A joint research between Google and the Dutch Institute CWI has managed to create a technique to generate two different PDF files with the same SHA-1 hash. According to Google, the possibility of creating hash collisions reveals the need to stop using the SHA-1 algorithm for the calculation of hashes, since this would compromise the validity of the hashes to guarantee the authenticity and integrity of information.
The SHA-1 algorithm was created in 1995 and is currently used in processes of digital signature and files authenticity and integrity.
References:
- 23/02/2017 security.googleblog.com Announcing the first SHA1 collision
- 23/02/2017 pcworld.com Stop using SHA1 encryption: It’s now completely unsafe, Google proves
- 23/02/2017 theregister.co.uk 'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time
- 23/02/2017 cwi.nl CWI and Google announce first collision for Industry Security Standard SHA-1
- 23/02/2017 adslzone.net El cifrado SHA-1 ya no es seguro: Google lo ha roto después de 22 años