Blog Links: SHA-1 cryptographic hash collision detection by Google

By | February 24, 2017

Google puts another nail in the coffin for SHA-1. They already moved from using SHA-1 on their products but there are still a lot of places where is used by default.
In a post on the Google Online Security Blog Announcing the first SHA1 collision Google researchers claim that they have a good way of finding collisions for SHA-1.
As they state:

we will wait 90 days before releasing code that allows anyone to create a pair of PDFs that hash to the same SHA-1 sum given two distinct images with some pre-conditions.

This is a strong advice to move to SHA-256 and consider SHA-1 as unsecure.

Advertisements