Finally, SHA-1 is definitely dead

“We have broken SHA-1 in practice.”

SHA-1 was introduced in 1995 and, in 2015, researchers disclosed a method that lowered the cost of an SHA-1 collision to $75,000-$120,000 using Amazon’s EC2 cloud over a period of a few months.

Despite steps taken by major companies to move away from SHA-1, the hash function is still widely used.

Now researchers at Google have realized the first real world collision attack against SHA-1, creating two documents with different content but identical hashes.

This technique has been dubbed “SHA-1 shattered” or “SHAttered”:

Today, 10 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google.

More technical information are available on the dedicated site,

Who is capable of mounting this attack?

This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations.

How does this attack compare to the brute force one?

The SHAttered attack is 100,000 faster than the brute force attack that relies on the birthday paradox. The brute force attack would require 12,000,000 GPU years to complete, and it is therefore impractical.


Related posts