SHA-1 Collision Found

Google recently announced that they have successfully generated a collision for SHA-1, although it would 90 more days before they reveal to the world as to how they accomplished this task.

Hashing functions are an important aspect of cryptography, since they are used for comparison, finding duplicates and the most important fact is that hashing algorithms are one-way, ie. the resultant string cannot be reversed to find the original string. Due to this, Vendors have been using one-way hashing algorithms like MD-5, SHA-1,SHA-256 to store passwords and whenever the correct password is provided by the user, the resultant Hash will always match with the stored value, thus validating the authentication process.

Computation of Hash Collision is based on the fact that , there might exist two different strings which would generate the same Hash or, by using enough computational power, the original string used for generating the Hash could be found, there-by rendering the usage of the said Hash Algorithm useless.

With the advancements in the technology and faster computation being made available , this doesn’t surprise the experts, it was just a matter of time before someone could have come up with an algorithm to find the collision.

MD5 , as an hashing algorithm which was not just cracked but the collisions have also been made available with almost 829.726 Billion unique decrypted hashes have been made available publicly.

eScan warns that , every vendor / developer who uses SHA-1 as the preferred algorithm for password comparison, should switch over to SHA-3 or SHA-256. Since, as of this moment, SHA-3 and SHA-256 are considered to be very tough and should be able to with-stand the onslaught of computational power for next few years.

This entry was posted in eScan 11, eScan 14, MailScan, Security and tagged , , , , , , , . Bookmark the permalink.