SHA-1 crypto algorithm is dead by collision attack

The SHA-1 algorithm is dead — except, of course, that it's still in wide use all around the internet.
(Getty Images)

The SHA-1 cryptographic hash function is dead.

A 24-year-old security mechanism still in wide use around the internet today, the NSA-developed cryptographic algorithm was finally proven to be broken this week by a team of Dutch cryptographers and Google researchers who published their work at The researchers showed how to “collide” two different files but come out with the same digital signature, showing once and for all that the SHA-1 algorithm suffers from fatal weaknesses and can no longer effectively be trusted as a cryptographic signature guaranteeing the veracity of files.

You can read the full research paper here. The attack, which took the equivalent of 110 years of single-GPU computations and 6,500 years of single-CPU computations, has never been spotted in the wild.

Although SHA-1 was officially deprecated by NIST in 2011, it’s still used widely in digital certificates, software management and encryption programs. Cryptographic algorithms are used as crucial bulwarks of security. When the MD5 algorithm was broken in 2010, nation-state attackers forged Microsoft’s signature and could then hijack Windows update impacting millions of users, making the infiltration of targeted networks a far more obtainable task.


In 2012, when the death of SHA-1 was still just a hypothetical, researchers warned of the consequences.

“When it does happen, it’s going to be a disaster, because SHA1 is everywhere,” Matthew Green, a cryptography professor at Johns Hopkins University, told Ars Technica. “You could be Microsoft, you could be Google, if you were able to get an attack on SHA-1.”

The cryptographer Bruce Schenier recommended that same year to begin migration away from SHA-1 as quickly as possible.

As of Friday, both Chrome and Firefox will automatically protect users from insecure TLS/SSL certificates. Files sent in Gmail and Google Drive are already subject to testing against the attack.

The researchers point to safer alternatives, such as SHA-256 or SHA-3. Other experts suggest looking at speedier functions like Blake2. Whatever the choice, the lesson is clear: Change or be a soft target.

Latest Podcasts