I posted google’s announcement on the SHA1 Shattering in twitter several weeks ago
Bye #SHA1 https://t.co/W3X5RMQhGO https://t.co/BZ4qvT1TZG pic.twitter.com/PlDFrTCCzY
— Menard Osena (@Menardconnect) February 24, 2017
And I was surprised that a fellow infosec dude replied and tweeted
@Menardconnect a security platform still used MD5. shhhh…
— daves espia (@daves_espia) February 24, 2017
and it seems that the platform he is hinting does not have migration path or plan about it (or none that we know of). And its still MD5 :(.
This got me thinking maybe this SHA1 can be a good topic for this blog so I looked into the details so that I can explain it in a simple way and answer what’s with this SHA1 being broken? and why should we care? or should we not?
SHA1 is broken.
Google and the researchers demonstrated this by crafting 2 PDF files with different contents but same SHA1 hash. They released the geeky how-to docs publicly. Good visualization too 🙂
Image Credits: Shattered.IT
So in a nutshell, it’s now possible to create a file to match a SHA1 of another file. So if you are using SHA1 as primary identification of files/certs, consider migration to other hash like SHA256 or SHA3.
How easy to do the attack?
Very hard (needs 6,500 yrs of single-CPU computing power or 110 years of single-GPU power). But of course with Google firepower, they fast-tracked things up drastically (experts say this is 3 years earlier than previous projection). My key learning here is given GPU advancements + cloud computing nowadays that “very hard” attack can be “so easy”, as long as you have the right resources ($$$, kaching-kaching, moolah).
Several experts estimated that such attack needs 75K USD budget, just rent some computing firepower via AWS, problem is solved :). Imho, 75K is peanuts to nation-states and large cybercriminal groups (whether its FUD or not, not my forte).
What are the usual systems potentially impacted? SHA-1 is used for digital signatures, file integrity, and/or file identification among others. So Digital Cert sigs, Email PGP sigs, Vendor file signatures, software updates, GITs, etc may be vulnerable.
SHA1 Certs have been depracated since 2015. Major browsers is OK and safe with Google doing early protection for Chrome and (other Google-related services too) and Firefox provided a fix a day after the disclosure.
GIT and software repo have a healthy discussion with Linus Torvalds giving some good explanation on the impact to GIT.
Should we care?
Are you (or your tools, software, systems) heavily dependent on SHA1 for file integrity? If yes, then you should care and plan the migration right away. Migration path is SHA256 and SHA3. Exploit described above is demonstrated with PDF, and since this is in already public expect other file types to follow soon. This is not IF now but WHEN.