Security researchers announce "first practical" SHA-1 collision attack

Editor: 1   Author: Techcrunch   Date: 2018/11/13 3:07:05

Security researchers at the CWI institute in Amsterdam working with a team from Google Research say they have found a faster way to compromise the SHA-1 hash algorithm - announcing what they describe as "the first practical technique for generating a SHA-1 collision" in a blog post today.

A 'collision' here refers to being able to generate the same hash from more than one input - thereby potentially enabling an attacker to deceive a system into accepting a malicious file in place of its benign counterpart.

The SHA-1 hash algorithm is still in use for verifying the authenticity of digital content, despite the march of Moore's Law ramping up compute power available to hackers in the wild - and despite other, more robust alternatives having existed for years.

The SHA-1 collision attack, which the group is puntastically naming 'SHAttered', is described in more detail here. Their website also hosts a proof of the attack - in the form of two PDFs with different content but the same hash.

Systems that could be compromised via the technique according to the researchers include document signature, HTTPS certificates, version control (git), backup systems, software updates, ISO checksums and more.

"It is now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file," they write.

"For example, by crafting the two colliding PDF files as two rental agreements with different rent, it is possible to trick someone to create a valid signature for a high-rent contract by having him or her sign a low-rent contract."

SHA-1 is more than two decades old at this point. And faster-than-brute-force techniques for attacking it have been around since as early as 2005. Indeed, you can read Bruce Schneier blogging about one such attack algorithm here.

But while that 2005 attack was able to find collisions in 2^69 calculations, or about 2,000 times faster than brute force - which Schneier described as being "just on the far edge of feasibility with current technology" - the CWI and Google Research method being announced now is described as "more than 100,000 times faster than a brute force attack".

Hence being dubbed the "first practical technique" to compromise digital signatures incorporating SHA-1.

"The SHAttered attack is 100,000 faster than the brute force attack that relies on the birthday paradox. The brute force attack would require 12,000,000 GPU years to complete, and it is therefore impractical," they write in an FAQ.

"This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations."
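The figures quoted above can be reproduced at small scale. The following is an added example, not code from the article or from the researchers: it runs the birthday-paradox brute force against SHA-1 truncated to a few bits (a toy hash; the message prefix and function names are assumptions made here), shows the cost growing as about 2^(n/2), and derives the 2,000x and 100,000x speedups from the 2^80 bound for the full 160-bit output.

```python
import hashlib
from itertools import count

SHA1_BITS = 160
BRUTE_FORCE_LOG2 = SHA1_BITS // 2   # birthday bound: ~2^80 hashes
ATTACK_2005_LOG2 = 69               # 2005 result cited in the article
SHATTERED_LOG2 = 63                 # 9,223,372,036,854,775,808 == 2**63


def truncated_sha1(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(data): a toy hash with an n-bit output."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (SHA1_BITS - bits)


def birthday_collision(bits: int, prefix: bytes = b"constructed-sample-"):
    """Hash distinct messages until two share a truncated digest.

    Returns (msg_a, msg_b, hashes_computed). Expected cost is about
    2^(bits/2) hashes, which is where the 2^80 figure for SHA-1 comes from.
    """
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()   # constructed input, not real data
        digest = truncated_sha1(msg, bits)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg


def speedup(attack_log2: int) -> int:
    """How many times cheaper an attack is than the birthday brute force."""
    return 2 ** (BRUTE_FORCE_LOG2 - attack_log2)


if __name__ == "__main__":
    for bits in (16, 20, 24, 28):
        a, b, cost = birthday_collision(bits)
        # The full SHA-256 digests of a colliding pair still differ.
        distinct = hashlib.sha256(a).digest() != hashlib.sha256(b).digest()
        print(f"{bits}-bit hash: collision after {cost} hashes "
              f"(2^{bits // 2} = {2 ** (bits // 2)}), sha256 differs: {distinct}")
    print("2005 attack speedup:", speedup(ATTACK_2005_LOG2))
    print("SHAttered speedup:  ", speedup(SHATTERED_LOG2))
```

Each extra 4 bits of output roughly quadruples the brute-force cost, which is why moving from a 160-bit hash with a known shortcut to SHA-256 restores a wide margin.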

There have been industry attempts to try to accelerate the shift away from SHA-1 for multiple years now. Mozilla, for example, announced a deprecation plan for its Firefox browser as early as September 2014.

Though it was forced to reverse a ban of certificates signed with the standard at the start of last year after that block caused compatibility problems for users. Which illustrates the challenge of migrating away from older Internet technologies - even when they are shown to be less secure.

The researchers behind SHAttered are nonetheless hoping their work will generate more momentum to accelerate the transition to more robust hash algorithms - given how much the technique speeds up SHA-1 attacks.

"We hope that our practical attack against SHA-1 will finally convince the industry that it is urgent to move to safer alternatives such as SHA-256," they write. "It’s more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3."

"We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure," they add.

The group says they will be waiting 90 days before releasing the code of the attack - in line with Google's vulnerability disclosure policy. They are also providing a free detection system to the public. And note that they have already added protections for Gmail and GSuite users that detect the PDF collision technique.

Support for SHA-1 certificates was removed from Google's Chrome browser in January. While Mozilla's Firefox browser is due to remove support (again) early this year.

Certification Authorities that abide by the CA/Browser Forum regulations are also not allowed to issue SHA-1 certificates anymore.