Today, Google made major waves in the cryptography world, announcing a public collision in the SHA-1 algorithm. Its a deathblow to what was once one of the most popular algorithms in cryptography, and a crisis for anyone still using the function. The good news is, almost no one is still using SHA-1, so you dont need to rush out and install any patches. But todays announcement is still a major power play from Google, with real implications for web security overall. <\/p>\n
Like most cryptography, it can get a little complicated, so its probably best to start from the very beginning... <\/p>\n
Google publicly broke one of the major algorithms in web encryption, called SHA-1. The companys researchers showed that with enough computing power roughly 110 years of computing from a single GPU for just one of the phases you can produce a collision, effectively breaking the algorithm. Weve known this was possible for a while, but nobody has done it, in part because of the possible fallout. <\/p>\n
A deathblow to a once-popular algorithm <\/p>\n
In accordance with its disclosure policy, Google is waiting 90 days to say exactly how they did it but once the proof-of-concept is out, anyone with enough computing power will be able to produce a SHA-1 collision, rendering the algorithm both insecure and obsolete. <\/p>\n
Its hard to say if Googles researchers are the first people to do this ( SHA-1 is a hashing function, which produces a digital fingerprint from a given file. That lets you verify a files integrity without exposing the entire file, simply by checking the hash. If the hash function is working properly, each file will produce a unique hash so if the hashes match, the files themselves will also match. Thats particularly important for login systems, which need to verify that a password is correct without exposing the password itself. <\/p>\n A collision is what happens when a hashing function breaks, and two files produce the same hash. That could allow an attacker to smuggle in a malicious file because it shares its hash with a legitimate file. As proof-of-concept for todays announcement, Google published two PDF files that, run through SHA-1, produce the same hash. <\/p>\n In practical terms, a broken hash function could be used to break HTTPS, the encryption system that now protects more than half the web. You can learn more about that system from the podcast below (theres a whole pie-ribbon-curse metaphor; its great), but the gist is that it guarantees that the content you see at Wikipedia.com is really coming from Wikipedia and hasnt been tampered with along the way. If that system breaks, it would be easy for criminals to insert malware into web traffic from a compromised ISP or other network provider. <\/p>\n Unless you make a habit of clicking through those scary red screens, youll be fine. Cryptographers have been predicting a collision like this for years, making ever more specific predictions about how youd produce one and how much computing power it would take. This is the first time anyones burned the server time to actually do it, but weve known something like this was possible for a while. <\/p>\n As a result, most sites have already dropped SHA-1. As recently as 2014 it was being used for as much as 90 percent of the encryption on the web, but its been mostly abandoned in the years since. As of January 1st, every major browser will show you a big red warning when you visit a site secured by SHA-1. Its hard to say how many of those sites are left, but anyone with a halfway decent certificate provider is already safe. <\/p>\n SHA-1 is still used in a couple places outside web encryption particularly Git repositories but given how long the algorithm has been deprecated, the broader impact shouldnt be that widespread. <\/p>\n The short version is, they wanted to win the argument. Dropping SHA-1 took a lot of time and effort across the industry, and not everyone was eager to do it. The result has been a running fight over how fast make the switch with Googles Chrome Security Team providing one of the loudest voices for a faster transition. Chrome was forcing websites away from SHA-1 as early as 2014, long before other browsers started cracking down. Firefox caught on fairly quickly, too, with Microsofts Edge and IE bringing up the rear. <\/p>\n This is a fight about how secure the web needs to be <\/p>\n Chromes early moves caused a lot of grief among certificate providers but now that theres a proof-of-concept collision out there, the Chrome Security Team looks pretty smart. If wed listened to the slowpokes, this collision could have been a major problem! Instead, the industry moved fast, everyones safe, and we have to write blog posts to explain why it matters at all. <\/p>\n In a broader sense, this is a fight about how secure the web needs to be. If youre making smartphones or selling apps, you might not think its worth it to force the entire web off of a shaky algorithm. What does it matter if a few janky websites are slow to make the switch? But Google still a web advertising company, and that means any breakdown in web security is an existential threat. Whenever an algorithm like SHA-1 breaks, ad networks are among the first to be targeted, so Googles heavily invested in making sure those encryption systems work. And since Googles ads are served across the entire web, they need to make sure everyones on board. Sometimes that means cracking a few heads! <\/p>\n So while it might seem like a mathematical curiosity, this is really a victory lap for Google and one that cost quite a bit of server time. People have been saying SHA-1 was shaky for years, and now we all know they were right. Luckily, we all listened to the crypto folks, and nothing too serious got broken. Youre welcome. <\/p>\n <\/p>\n