So google actually performed an SHA-1 collision !
Quoting from the post as such , “Today, more than 20 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. ” What really blows my mind is the amount of computational resources that went into actually making sure that they could generate a collision.
A few numbers about that :
- Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
- 6,500 years of CPU computation to complete the attack first phase
- 110 years of GPU computation to complete the second phaseI still remember going through the MD5 method back in college , and thinking to myself , what is the degree of improvements that current methods have over the MD5 . I encountered the SHA1 then and remember thinking that it was a pretty solid fix.
That being said , it is important to keep in mind that cryptography is always a cat and mouse game . The harder people try to protect their data and privacy with world class standards, the other side will try equally harder , if not more , to come up with methods to crack said standards. And that , I think , is the beauty of it . A constant struggle to beat the odds.
Link to full article :