SHA-1 has been broken in practice, now what?
March 6, 2017 - SHA-1 has been broken in practice, now what? UL provides recommendations for moving to safer hashing algorithms.
A brief history of SHA-1
SHA-1 is a cryptographic hash function that has been widely used for over two decades in applications such as SSL/TLS, VPN protocols, PGP, SSH, and distributed revision control systems (Git, Mercurial, etc.). For over 10 years, NIST has urged moving away from SHA-1, with official deprecation starting in 2011, due to security concerns that the underlying math is less resistant to collision attacks than originally thought. A successful collision attack finds two different files that produce the same hash. On February 23, 2017, those recommendations proved well-founded when Google published the first publicly known collision attack on SHA-1: two different PDF files with the same SHA-1 hash.
Example of attack
This is known as an identical-prefix collision. A real-world example of this type of attack could consist of an employer using two colliding employment contracts to trick an employee into digitally signing a high-salary contract. The employer could later claim the employee signed a contract agreeing to a much lower salary.
Cost to carry out attack
Nine quintillion SHA-1 computations were performed in total. This breaks down to 6,500 years of CPU computation and 110 years of GPU computation to complete both attack phases. However, because modern cloud computing gives essentially anyone access to vast computing resources, the cost to replicate this attack could be as low as $110,000 using Amazon’s cloud computing platform. This puts the attack within reach of criminal organizations and well into the wheelhouse of state-sponsored actors.
Risk of attack
Due to Google’s vulnerability disclosure policy, code is not yet publicly available to reproduce this SHA-1 collision as of this writing. However, now that it has been proven technically feasible, well-funded actors could replicate this work and produce another collision before Google’s 90-day disclosure period is up.
UL recommends that the industry move to safer hashing algorithms such as SHA-256 or SHA-3. Additionally, UL recommends consulting engineers and developers to discover if affected technologies (Git, PGP, SSL certificates, etc.) are being used within your company. If they are found to be vulnerable, it is strongly encouraged to create and execute a plan to sunset SHA-1 from the organization.
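As a starting point for the discovery step recommended above, the following added example (not part of the original article or any UL tooling) scans text for common SHA-1 references in certificate dumps, GnuPG configuration and source code. The rule set, the function names and the sample input are assumptions made for illustration and are not a complete inventory.

```python
import re
from pathlib import Path

# Real identifiers for SHA-1 in certificates, GnuPG config and code;
# the choice of rules is an assumption of this example, not a complete list.
RULES = [
    ("x509-signature", re.compile(r"\b(sha1WithRSAEncryption|ecdsa-with-SHA1|dsaWithSHA1)\b")),
    ("gnupg-digest", re.compile(r"^\s*(cert-)?digest-algo\s+SHA-?1\b", re.I)),
    ("code-call", re.compile(
        r'hashlib\.sha1\(|getInstance\(\s*"SHA-?1"|\bSHA1_(Init|Update|Final)\b|\bEVP_sha1\(')),
]

# Constructed sample: lines as they might appear in `openssl x509 -text`
# output, a gpg.conf and application source.
SAMPLE = """\
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha256WithRSAEncryption
digest-algo SHA1
cert-digest-algo SHA256
token = hashlib.sha1(data).hexdigest()
token = hashlib.sha256(data).hexdigest()
"""


def scan_text(text, source="<sample>"):
    """Return (source, line_no, rule, line) for each line that references SHA-1."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((source, line_no, rule, line.strip()))
    return findings


def scan_tree(root, max_bytes=1_000_000):
    """Scan every regular file under root, skipping large or unreadable ones."""
    findings = []
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file() or path.stat().st_size > max_bytes:
                continue
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        findings.extend(scan_text(text, str(path)))
    return findings


if __name__ == "__main__":
    for source, line_no, rule, line in scan_text(SAMPLE):
        print(f"{source}:{line_no}: [{rule}] {line}")
```

Each finding is a lead for review rather than a verdict: the scan shows where SHA-1 is referenced, and an engineer still has to decide whether that use depends on collision resistance.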