Recently, the SHA collision has created a lot of hype on the internet.

How am I at risk from this, and how can it be exploited?

Thanks in advance

1 Answer

Best answer

What is the SHA-1 Collision Attack?

SHA-1 was designed by the NSA in 1995 as a standard Digital Signature Algorithm. For a decade, researchers pointed out the flaw in the system theoretically and how it could be exploited, but the costs to pull that off were more than $130K and months of computing.

Google, with a group of researchers, pulled it off, making it a reality; that's why it's big news.


How Does the SHA-1 Collision Work?

Two files cannot have the same digital print; even a difference of a period in one file will give you a different digital print, a.k.a. SHA-1. But if you look at PDF-1 and PDF-2, both have different content, but guess what? They have the same digital signature, which means SHA-1 has been exploited or "Shattered" because of the collision attack.

In the image below you can see that the Bad doc also has the same hash.

image

How Does SHA-1 Affect the Normal User?

If you use Chrome, you will be automatically protected from insecure TLS/SSL certificates, and Firefox has quickly reacted to this announcement, and deprecated SHA-1 as of February 24th, 2017.
Files sent via Gmail or saved in Google Drive are already automatically tested against this attack.

What types of systems are affected?

Any application that relies on SHA-1 for digital signatures, file integrity, or file identification is potentially vulnerable. These include:

  • Digital Certificate signatures
  • Email PGP/GPG signatures
  • Software vendor signatures
  • Software updates
  • ISO checksums
  • Backup systems
  • Deduplication systems
  • Git

How to Exploit SHA-1 for Collision Attacks?

This would require a great amount of computation power; even the attack done by Google cost them $11000, so it's not currently in range. You should read the 2009 research where a user made 2 different files with the same hashes here, and after that read Marc's research on the current collision attack.

commented by
that's a great source of info... thanks
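
Added example, not part of the original answer or comment: a toy deduplication store showing why the backup and deduplication systems listed in the answer are affected when two different files share an identifier, plus an audit that flags such pairs by comparing against SHA-256. All names here are hypothetical, and SHA-1 truncated to 16 bits is an assumed stand-in for a hash with known collisions so the sample files can be constructed offline.

```python
import hashlib
from collections import defaultdict

def sha256_id(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def weak_id(data: bytes) -> str:
    # ASSUMPTION: SHA-1 cut to 16 bits stands in for a hash with known
    # collisions, so a colliding pair can be built instantly and offline.
    return hashlib.sha1(data).hexdigest()[:4]

def constructed_colliding_pair(ident):
    """Build two different constructed byte strings with the same identifier."""
    seen, i = {}, 0
    while True:
        data = b"constructed sample document #%d" % i
        key = ident(data)
        if key in seen:
            return seen[key], data
        seen[key] = data
        i += 1

class DedupStore:
    """Toy backup/deduplication store: keeps one blob per identifier."""
    def __init__(self, ident):
        self.ident, self.blobs = ident, {}
    def put(self, data: bytes) -> str:
        key = self.ident(data)
        self.blobs.setdefault(key, data)  # key already present: new data is dropped
        return key
    def get(self, key: str) -> bytes:
        return self.blobs[key]

def find_identifier_collisions(files: dict, ident) -> dict:
    """Audit: identifiers shared by files whose SHA-256 digests differ."""
    groups = defaultdict(lambda: defaultdict(list))
    for name, data in files.items():
        groups[ident(data)][sha256_id(data)].append(name)
    return {k: sorted(n for names in v.values() for n in names)
            for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    good, bad = constructed_colliding_pair(weak_id)
    store = DedupStore(weak_id)
    store.put(good)
    print("restore returns first file, not the second:", store.get(store.put(bad)) == good)
    print("audit:", find_identifier_collisions({"good.pdf": good, "bad.pdf": bad}, weak_id))
```

Keying the store by `sha256_id` instead gives the two files separate entries, and the same audit run with a SHA-1 identifier over real files reports any pair that would be confused.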