Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: Internet Storm Center - Internet Security | DShield Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Last Daily Podcast (Fri, Feb 24th):#SHA1 Collisions Found; Mirai Botnet Arrest

Latest Diaries

Practical collision attack against SHA-1

Published: 2017-02-23
Last Updated: 2017-02-23 16:56:14 UTC
by Rick Wanner (Version: 1)
1 comment(s)

Google has announced that they have succeeded in developing a technique which makes it practical to craft two PDF files with the same SHA-1 digital signature.

Of course like all new vulnerabilities/attacks in this decade it needs a web page and a cool logo.  Not to disappoint they can be found here.

What does this mean to you?  The fact is nothing has changed since yesterday.  This is still a difficult attack. For most applications SHA-1 will still be an adequate level of protection.  This does highlight a significant risk to high-trust applications such as banking, legal contracts and digital signatures.  Theoretical attacks against SHA-1 have been hypothesized since 2005 and SHA-1 was deprecated by NIST in 2011, so most high-trust uses of SHA-1 should be long since upgraded to more secure methods.

SHA-1 is still commmonly used for file integrity hashes, and is used for that purpose in Git and most vendor signatures, so there wil be some work to do.

Google is following their disclosure guidelines so the details of the attack will not be released for 90 days.  Leaving time for applications that are still using SHA-1 to move to more secure hashing methods such as SHA-3 or SHA-256.

Further reading below: 

Google -> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

ARSTechnica -> https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords:
1 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Quick and dirty generic listener
Feb 22nd 2017
1 day ago by Jim (0 comments)

Microsoft Patch Tuesday, or is that "Patch Next Tuesday"? - Flash Player RCE patched today
Feb 21st 2017
2 days ago by Rob VandenBrink (1 comment)

2 Apple Updates Today as Well - GarageBand and Logic Pro X
Feb 21st 2017
2 days ago by Rob VandenBrink (1 comment)

Investigating Off-Premise Wireless Behaviour (or, "I Know What You Connected To")
Feb 21st 2017
2 days ago by Rob VandenBrink (6 comments)

Hardening Postfix Against FTP Relay Attacks
Feb 20th 2017
3 days ago by Johannes (2 comments)

Brazilian malspam sends Autoit-based malware
Feb 18th 2017
6 days ago by Brad (2 comments)

RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop)
Feb 18th 2017
6 days ago by Rob VandenBrink (9 comments)

View All Diaries →

Latest Discussions

The format of BGP messages with routeviews
created Feb 22nd 2017
1 day ago by samara (0 replies)

Platform Markings on Headlines
created Feb 9th 2017
2 weeks ago by Anonymous (0 replies)

Automation Software, Consultant or Both?
created Jan 25th 2017
4 weeks ago by Anonymous (1 reply)

Importance of File Integrity Monitoring software
created Jan 18th 2017
1 month ago by Promisec (0 replies)

New Incident Response/Forensics tool : srum-dump.exe
created Jan 12th 2017
1 month ago by Mark (1 reply)

View All Forums →

Latest News

View All News →

Top Diaries

Dyn.com DDoS Attack
Oct 21st 2016
4 months ago by Johannes (9 comments)

Microsoft Patch Tuesday Delayed
Feb 18th 2017
6 days ago by Johannes (7 comments)

Critical Vulnerability in Cisco WebEx Chrome Plugin
Jan 24th 2017
1 month ago by Johannes (10 comments)

Port 7547 SOAP Remote Code Execution Attack Against DSL Modems
Nov 29th 2016
2 months ago by Johannes (21 comments)

RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop)
Feb 18th 2017
6 days ago by Rob VandenBrink (9 comments)