Researchers create first practical attack on SHA-1
TL;DR Researchers create first practical attack on SHA-1. If you use SHA-1, start moving to SHA-256/SHA-3.
What is SHA-1?
The Secure Hash Algorithm 1 (SHA-1) was created by the NSA and first published in 1995 as an improvement on the previously popular MD5 algorithm. Hashing algorithms take an input of any length, from a single letter up to and beyond multi-terabyte disk images, and produce an output of 160 bits that is often represented as a 40-digit hexadecimal number. Due to the infinite possibilities of inputs, but only a finite number of outputs, it has always been known that it was possible for two different inputs to create the same output, known as a collision.
How is this attack on SHA-1 different from previous ones?
Theoretical attacks on the algorithm were first published in 2005, with further iterations reducing the number of operations required to find a collision. The difference with the recent attack is that it has moved from the theoretical to the practical. The CWI and Google researchers have created two different PDF documents that share the same SHA-1 output. They go on to describe a scenario whereby two rental agreements are created with different prices, and tricking a person into creating a valid signature for the high rent contract by having them sign the low rent contract.
Are my applications at risk?
Many applications rely on the algorithm for creating digital signatures, ranging from common SSL certificates for websites, to software repositories like GIT. While NIST officially deprecated SHA-1 in 2011, many digital certificates and applications have continued to rely on the algorithm. Certificate Authorities issuing SSL certificates should no longer be issuing ones using SHA-1, the Google Chrome browser started showing websites using SHA-1 certificates as insecure from version 56 released in January 2017, and Firefox is rolling out a similar feature over the next few months.
Current recommendations are to migrate all uses of SHA-1 to a more secure hashing algorithm such as SHA-256, SHA-3, or higher.
Further information on this new attack, including the full research paper and collision examples is available at http://shattered.io/