Last month, Google security researchers Elie Bursztein, Ange Albertini, and Yarik Markov, together with Marc Stevens and Pierre Karpman of the Cryptology Group at Centrum Wiskunde & Informatica (CWI) in Amsterdam, detailed the results of two years of work to create a collision attack against the Secure Hash Algorithm 1 (SHA-1).
They focused on an attack allowing the SHA-1 hash of one Adobe Portable Document Format (PDF) file to match the hash of a second PDF. The researchers divided the work into two phases: phase one used 6,500 years of Central Processing Unit (CPU) computation, while phase two consumed 110 years of Graphics Processing Unit (GPU) computation time. The work appears to have cost between USD $75,000 and USD $120,000 to complete.
Theoretical attacks against SHA-1 have existed since 2005, and work showcased in 2016 estimated that an attack could take as little as three months; this new attack is the first practical one. I previously detailed why you should migrate your website and code-signing certificates to SHA-2.
How can I protect myself from this vulnerability?
If you are responsible for website signing certificates and/or software signing certificates that use the SHA-1 algorithm, you should continue your planned migration to SHA-2 signing certificates. Using an updated web browser also helps, since it will correctly assign less trust to websites using SHA-1 certificates. While I agree with Linus Torvalds about the “sky not falling” with regard to SHA-1, use of a more secure hashing algorithm will be more important as time goes on. For example, the interruption of service of the WebKit SVN would not have occurred if SHA-2 had been in use.