In a joint announcement today, Dutch research institute CWI and Google revealed that they have broken the SHA-1 internet security standard “in practice”. Industry cryptographic hash functions such as SHA1 are used for digital signatures and file integrity verification, and protects a wide spectrum of digital assets, including credit card transactions, electronic documents, open-source software repositories and software updates.

— “Today, 10 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision,” said the Google Team in a blog post today. “This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. ... For the tech community, our findings emphasize the necessity of sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates. ... We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure.”

— What types of systems are affected? “Any application that relies on SHA-1 for digital signatures, file integrity, or file identification is potentially vulnerable. These include digital certificate signatures, email PGP/GPG signatures, software vendor signatures, software updates, ISO checksums, backup systems, deduplication systems, and GIT.” https://shattered.io/

— “This is not a surprise. We’ve all expected this for over a decade, watching computing power increase. This is why NIST standardized SHA-3 in 2012.” Bruce Schneier / Feb 23