Overview
This lecture presents the SHAttered attack, the first practical collision created for the SHA-1 cryptographic hash function, highlighting its risks, affected systems, and recommendations for transitioning to safer alternatives.
SHA-1 and Its Importance
- SHA-1 is a cryptographic hash function widely used for digital signatures, file integrity, and digital asset protection.
- Applications include credit card transactions, software updates, email signatures, and version control systems.
SHAttered Attack Summary
- SHAttered demonstrates a practical collision against SHA-1, creating two distinct PDFs with the same SHA-1 hash.
- Attackers can exploit this to trick individuals into signing a benign document with a signature valid for a malicious one.
- The collision required massive computational effort: 6,500 CPU-years and 110 GPU-years.
Affected Systems and Software
- Any application relying on SHA-1 for integrity or identification is vulnerable (e.g., digital certificates, Git, backup systems).
- Git can be manipulated to serve targeted users different content under the same commit hash.
- SVN versions before 1.9.6 are vulnerable, with later versions patched.
Industry and Browser Response
- SHA-1 was officially deprecated by NIST in 2011, yet it was still used in some applications as of 2017.
- Browsers like Chrome (since v56) and Firefox have deprecated SHA-1 certificates and flag sites using them as insecure.
- Certification Authorities are not allowed to issue SHA-1 certificates and must include random serial numbers for additional protection.
Detection and Protection
- File checker tools can detect SHA-1 collision attacks using counter-cryptanalysis methods.
- Hardened SHA-1 with collision detection can differentiate between colliding files and safe files.
- Users should migrate to SHA-256 or SHA-3 for enhanced security.
Attack Details and Limitations
- The SHAttered attack is 100,000 times faster than brute-force attacks based on the birthday paradox.
- As of publication, there were no known real-world abuses of this attack.
- The PDF format was exploited to craft the collision.
Key Terms & Definitions
- SHA-1 — A now-weak cryptographic hash function used for data integrity and digital signatures.
- Collision — When two different files produce the same hash output.
- Counter-cryptanalysis — Detection techniques that identify known and unknown cryptanalytic attacks.
- Brute force attack — Naive method that tries all possible combinations to find a collision.
Action Items / Next Steps
- Use available tools to check files for SHA-1 collisions.
- Upgrade systems to use SHA-256, SHA-3, or other secure hash functions.
- Ensure all browsers, software, and version control systems are updated to versions that do not rely on SHA-1.
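
The migration step above, as an added example that is not part of the original lecture: an audit of a content index keyed on a legacy digest that flags any digest shared by files whose SHA-256 differs, then builds a SHA-256 manifest. The function names are hypothetical, and `toy_weak_hex` is a constructed stand-in (SHA-1 truncated to 16 bits) so the check can be exercised offline without real colliding files.

```python
import hashlib
from collections import defaultdict


def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()


def toy_weak_hex(data):
    # Constructed stand-in for a broken hash: SHA-1 cut to 16 bits, so a
    # collision can be built instantly for the demo. Not a real algorithm.
    return hashlib.sha1(data).hexdigest()[:4]


def constructed_pair(weak=toy_weak_hex):
    # Birthday search over constructed inputs until two share a weak digest.
    seen = {}
    i = 0
    while True:
        msg = b"constructed-doc-%d" % i
        digest = weak(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg
        i += 1


def find_collisions(blobs, legacy=sha1_hex):
    # legacy digest -> {sha256 digest -> [names]}
    groups = defaultdict(lambda: defaultdict(list))
    for name, data in blobs.items():
        groups[legacy(data)][hashlib.sha256(data).hexdigest()].append(name)
    # One legacy digest covering more than one SHA-256 digest means distinct
    # content is being treated as identical by the legacy index.
    return {
        digest: sorted(n for names in by256.values() for n in names)
        for digest, by256 in groups.items()
        if len(by256) > 1
    }


def migrate_manifest(blobs):
    # Replacement manifest keyed on SHA-256 only.
    return {name: hashlib.sha256(data).hexdigest() for name, data in blobs.items()}
```

This cross-check only fires when both colliding files pass through the same index; spotting a single colliding file on its own is the job of the hardened SHA-1 with collision detection listed under Detection and Protection.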