An anonymous reader writes: “Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last week with the discovery of the first-ever ‘chosen-prefix collision attack,’ a more practical version of the SHA-1 collision attack first carried out by Google two years ago,” reports ZDNet. Google’s original research allowed attackers to force duplicates for specific files, but this process was often at random. A new SHA-1 collision attack variation (a chosen-prefix attack) detailed last week allows attackers to choose what SHA-1-signed files or data streams they want to forge on demand, making SHA-1 an attack that is now practical in the real world, albeit at a price tag of $100,000 per collision.
Read more of this story at Slashdot.
Source:
https://it.slashdot.org/story/19/05/13/2255229/academics-improve-sha-1-collision-attack-make-it-actually-dangerous?utm_source=rss1.0mainlinkanon&utm_medium=feed