Hash functions play important roles in information security, serving as basic building blocks for many security protocols. They must possess one vital property: it must be computationally infeasible for an attacker to find two inputs that map to the same output (a “collision”). Now, a new paper by Thomas Peyrin (School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore) and Gaetan Leurent (INRIA, France) has definitively shown that a widely-used hash function, SHA-1, is insecure.
In 2017, a research team from Google and the Dutch research institute CWI demonstrated a collision in SHA-1. However, that demonstration had limited direct impact on security, as the contents of the colliding inputs could not be tailored. The new paper by Peyrin and Leurent shows how to perform a much more serious type of collision called a “chosen-prefix collision”, in which the attacker chooses an arbitrary (and different) prefix for each of the two colliding inputs. As chosen-prefix collisions can be used to duplicate or forge important files such as security certificates, this work shows that SHA-1 must immediately be abandoned in favour of more advanced alternatives.
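As an added illustration (not from the paper or this article), the script below finds a chosen-prefix collision for a deliberately weakened hash, SHA-1 truncated to 32 bits, using a plain birthday search; the two prefixes are constructed sample values. It makes the definition above concrete: both messages begin with different attacker-chosen text yet share the same (truncated) digest, which is why a signature over such a digest would validate both. Full 160-bit SHA-1 is far beyond this generic search, which is exactly why the dedicated cryptanalysis of Leurent and Peyrin matters.

```python
import hashlib

# Constructed sample prefixes: a benign record and a forged one that the
# attacker wants to carry the same digest (and hence the same signature).
PREFIX_A = b"subject: alice.example\n"
PREFIX_B = b"subject: mallory.example\n"


def full_sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def trunc_sha1(data: bytes, nbytes: int) -> bytes:
    """SHA-1 cut down to nbytes; 4 bytes = 32 bits, so ~2^16 tries per side collide."""
    return full_sha1(data)[:nbytes]


def chosen_prefix_collision(prefix_a: bytes, prefix_b: bytes, nbytes: int = 4, limit: int = 1 << 20):
    """Birthday search for suffixes sa, sb with trunc(H(prefix_a+sa)) == trunc(H(prefix_b+sb)).

    Returns (message_a, message_b) or None if the limit is exhausted.
    The suffix counter stands in for the freely chosen 'collision blocks'
    that a real chosen-prefix attack appends after each prefix.
    """
    seen_a: dict[bytes, bytes] = {}
    seen_b: dict[bytes, bytes] = {}
    for i in range(limit):
        suffix = b"-%d" % i
        ha = trunc_sha1(prefix_a + suffix, nbytes)
        hb = trunc_sha1(prefix_b + suffix, nbytes)
        if ha == hb:
            return prefix_a + suffix, prefix_b + suffix
        if ha in seen_b:
            return prefix_a + suffix, prefix_b + seen_b[ha]
        if hb in seen_a:
            return prefix_a + seen_a[hb], prefix_b + suffix
        seen_a.setdefault(ha, suffix)
        seen_b.setdefault(hb, suffix)
    return None


if __name__ == "__main__":
    pair = chosen_prefix_collision(PREFIX_A, PREFIX_B)
    if pair is None:
        print("no collision within limit")
    else:
        m1, m2 = pair
        print("message A:", m1, "\nmessage B:", m2)
        print("32-bit digest (both):", trunc_sha1(m1, 4).hex())
        print("full SHA-1 differs:", full_sha1(m1) != full_sha1(m2))
```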
For more information, see the article on ZDNet.