What does this mean for you and your organization? Let me start with a bit of background so the following makes sense.
A hash is a mathematical function, something you can calculate for any piece of data: the contents of a file, an entire disk, the payload contained within a network packet, the output of a program. I’ll just say “file” but it could be anything.
The hash value, the result of that calculation, is a very distinctive measurement of that file, a “fingerprint” if you want to think of it that way. The hash is extremely sensitive. If you change just one bit out of the trillions of bits on a disk, the resulting hash output will be very different.
A well-designed hash function makes it very difficult to find a collision. A collision is what happens when you have two files with different contents, but which generate the same hash output. Collisions have to happen: there is a finite (although very large!) number of possible hash outputs but an infinite number of possible inputs. However, collisions must be very difficult to find.
The obvious use is data integrity. If I keep a safe copy of the hashes for all the critical files on a system, it is extremely difficult for the bad guy to change one of those files to his advantage and have the modified version collide, or have the same hash as the good version. If he can’t find a useful collision, either he gives up or I can detect the changed hash and fix or at least disregard the changed data. This is the core of the Tripwire product and the free alternatives like AIDE, which we teach you to use in Learning Tree’s Linux optimization and troubleshooting course.
A strong hash function is a component of a digital signature, which can be used on its own to protect software packages and e-mail messages. A digital signature is used to create a digital certificate, the core of public-key infrastructure or PKI and a requirement for security across the Internet. We explain digital signatures, digital certificates, and PKI in Learning Tree’s System and Network Security Introduction course.
The cryptographers report that they have a way to find something called a freestart collision for SHA-1. This isn’t a complete collision from input to output; it’s a collision within the internal compression function. But this is just like what happened with the MD5 hash in the early 2000s.
As I explained above, collisions have to exist. The designers of a hash function are making a promise that it would take at least a certain amount of work to discover a collision. This new work has found a shortcut, so the promise is now broken. It’s important to realize that the shortcut works against SHA-1 but not against the newer SHA-2 or the latest SHA-3.
This is a cryptographic or mathematical advance, finding a better attack technique. The other trend to the attacker’s advantage is how computers continue to get faster and faster. You can now rent high-performance computing clusters in Amazon’s cloud service for a low cost per hour. Each compute node has multiple GPU (or Graphics Processing Unit) cards repurposed for computing, and each GPU is equivalent to a few hundred CPU cores.
You can work through the basic arithmetic to calculate how much time and money it will take to discover full SHA-1 collisions, and the authors have. We’re now down to an estimated 45–78 days and a cost of US$ 75,000–120,000 to find a SHA-1 collision.
If your server’s digital certificate is based on SHA-1, that’s the time and cost to generate a perfectly undetectable fake.
Hopefully you don’t have any SHA-1 certificates for your servers. If you do, it’s time to replace them!
You also don’t want your browser to trust SHA-1 certificates. Google, Mozilla, and Microsoft announced that their browsers will stop accepting SHA-1 certificates by 2017. That was based on an analysis projecting significantly higher cost in time and money for finding collisions.
This result came out just in time: there has been a discussion about extending the lifetime of SHA-1 by at least another year so as to delay the hassle and expense of upgrading.
Let’s not trade security for convenience!