Google recently announced that they have successfully Generated a collision for SHA-1, although it would 90 more days before they reveal to the world as to how they accomplished this task.
2. Google recently announced that they have successfully generated a
collision for SHA-1, although it would 90 more days before they reveal to
the world as to how they accomplished this task.
Hashing functions are an important aspect of cryptography, since they are
used for comparison, finding duplicates and the most important fact is that
hashing algorithms are one-way, ie. the resultant string cannot be reversed
to find the original string. Due to this, Vendors have been using one-way
hashing algorithms like MD-5, SHA-1,SHA-256 to store passwords and
whenever the correct password is provided by the user, the resultant Hash
will always match with the stored value, thus validating the authentication
process.
Computation of Hash Collision is based on the fact that , there might exist
two different strings which would generate the same Hash or, by using
enough computational power, the original string used for generating the
Hash could be found, there-by rendering the usage of the said Hash
Algorithm useless.
With the advancements in the technology and faster computation being
made available , this doesn’t surprise the experts, it was just a matter of
3. time before someone could have come up with an algorithm to find the
collision.
MD5 , as an hashing algorithm which was not just cracked but the
collisions have also been made available with almost 829.726 Billion
unique decrypted hashes have been made available publicly.
eScan warns that , every vendor / developer who uses SHA-1 as the
preferred algorithm for password comparison, should switch over to SHA-3
or SHA-256. Since, as of this moment, SHA-3 and SHA-256 are considered
to be very tough and should be able to with-stand the onslaught of
computational power for next few years.