SECURITY

SHA-1 Collisions Research Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm (called “SHAttered”). This is a significant step toward understanding this type of security issue, a milestone in cryptanalysis that has been underway for the past decade. The report website also includes a tool co-authored by my colleague Dan Shumow (Senior Software Development Engineer, Security & Cryptography, Microsoft Research) that can be used to detect the presence of a collision in a file. SHA-1 is used in digital certificates (TLS) and code signing applications. By taking advantage of SHA-1, a potential attacker could spoof content, perform phishing attacks, or perform “man-in-the-middle” attacks. Anticipating a point in time when there would be capability to create a practical “collision,” [ more… ]