menu search
brightness_auto
more_vert
Recently, SHA collision has created a big hype on internet.

How i am at risk by this and how it can be exploited?

Thanks in advance
thumb_up_off_alt 1 like thumb_down_off_alt 0 dislike

1 Answer

more_vert
 
done_all
Best answer

What is SHA-1 Collision Attack ? 

SHA-1 was designed by NSA in 1995 as a standard Digital Signature Algorithm , for a decade researchers pointed out the flaw in the system theoretically and how it can be exploited but the costs to pull that off were more than $130K and months of computing.

Google with a group of researchers pulled it off making it a reality that's why its a big news..


How SHA-1 Collision Works ?

2 files can not have a digital print , even if a difference of a period in one file will give you a different digital print a.k.a SHA-1 , but if you see PDF-1 and PDF-2 both have different content but guess what ? they have same digital signature which  means SHA-1 has been exploited or "Shattered" because of the collision Attack.

In the image below you can see that the Bad doc also has the same hash 

image

How SHA-1 Effects the normal User ?

If you use Chrome, you will be automatically protected from insecure TLS/SSL certificates, and Firefox has quickly reacted to this announcement, and deprecated SHA-1 as of February 24th, 2017.
Files sent via Gmail or saved in Google Drive are already automatically tested against this attack.

What types of systems are affected?

Any application that relies on SHA-1 for digital signatures, file integrity, or file identification is potentially vulnerable. These include:

  • Digital Certificate signatures

  • Email PGP/GPG signatures
  • Software vendor signatures
  • Software updates
  • ISO checksums
  • Backup systems
  • Deduplication systems
  • GIT

How to Exploit SHA-1 for Collision Attacks ?

This would require a great number of Computation Power , even the attack done by Google cost them $11000 , so its not currently in the range. You should read a research of 2009 where a user made 2 different files with same hashes here and after that read Marc Research on the current Collision Attack

thumb_up_off_alt 1 like thumb_down_off_alt 0 dislike
more_vert
that's a great source of info... thanks
Welcome to Ask Techie
Ask questions and receive answers from other members of the community. Hacking, Technology, Gaming, Programming, Blockchain and everything to get you going with your Cyber World.

222 questions

227 answers

401 comments

726,234 users

...