Article posted: Mar 01
By Marcus Hartwig, GM Americas
For more than 20 years, cryptographic hash functions such as SHA-1 have played a major role in browser security, in managing code repositories, and even in something as routine as detecting duplicate files in storage. SHA-1, or Secure Hash Algorithm 1, was designed by the United States National Security Agency and published by the United States National Institute of Standards and Technology (NIST). We applaud the recent collaboration between the CWI Institute in Amsterdam and Google, which has now demonstrated the algorithm's many flaws and security weaknesses in practice.
For more than two years, the two organizations subjected SHA-1 to practical attack techniques to demonstrate its vulnerability. In the course of this work, Google and the CWI Institute produced the first practical "collision": two distinct pieces of data (a document, a binary, or a website's certificate) that hash to the same digest. If a hash function is truly secure, finding such a collision should be computationally infeasible. By exposing this SHA-1 vulnerability, Google and the CWI Institute have demonstrated that a well-funded attacker can craft a collision.
So, what is the fallout from a collision like this? A malicious actor could use one to deceive a system that relies on hash comparisons into accepting a malicious file in place of a legitimate one. In a man-in-the-middle scheme of this kind, the attacker secretly relays and possibly alters the communications between two parties who believe they are communicating directly with each other.
Using an insecure hashing algorithm puts the whole security infrastructure at risk, even when strong hardware credentials such as top-of-the-line smart cards and HSMs hold the asymmetric keys used to perform the cryptography: the signature covers only the digest, so protecting the key does nothing to protect against two inputs that share that digest.
Hashing condenses data so that signing it becomes practical. For example, a certificate is created by signing a public key together with information about the holder of the corresponding private key. Therefore, if the public key is weak, the certificate becomes susceptible to attack. If the Public Key Infrastructure (PKI) is weak, a malicious actor could impersonate the certificate holder and thereby attack the infrastructure. If you think of a PKI as a phone system, an attacker could issue an invalid phone directory, causing mass confusion and severe repercussions.
The recommendation to retire SHA-1 in favor of safer hashing technologies is welcome news for the identity and access management (IAM) industry: many IAM solution vendors rely on PKIs and therefore can no longer afford to depend on SHA-1.
For now, Google and the CWI Institute recommend migrating to much safer cryptographic hashes such as SHA-256 or SHA-3. Like many in our industry, we believe it is in everyone's best interest to step up security and adopt these stronger hashing algorithms.
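As an added illustration (not code from the original article), here is a Python verification policy that reflects the recommendation above: a file is accepted only when a strong digest such as SHA-256 matches, a SHA-1-only match is never sufficient, and a SHA-1 match combined with a SHA-256 mismatch is flagged as a suspected collision rather than passed through. The manifest layout (algorithm name to hex digest) and the sample file contents are assumptions constructed for the example.

```python
import hashlib
from enum import Enum

# Digests this policy is willing to trust on their own, versus the
# legacy ones (MD5, SHA-1) that the article argues must be retired.
STRONG = {"sha256", "sha384", "sha512", "sha3_256", "sha3_512"}
WEAK = {"md5", "sha1"}


class Verdict(Enum):
    ACCEPT = "accept"                  # a strong digest matched
    REJECT = "reject"                  # nothing matched
    WEAK_ONLY = "weak-only"            # only MD5/SHA-1 listed: match proves nothing
    COLLISION = "collision-suspected"  # SHA-1/MD5 matched but a strong digest did not


def digests(data: bytes, algos) -> dict:
    """Compute the named digests of data; hashlib names are used as-is."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in algos}


def verify(data: bytes, expected: dict) -> Verdict:
    """Check data against a manifest entry mapping algorithm name -> hex digest.

    A SHA-1 match in isolation is treated as no evidence at all, and a SHA-1
    match alongside a SHA-256 mismatch is exactly the signature of an attacker
    substituting a colliding file for the legitimate one.
    """
    actual = digests(data, expected)
    strong_listed = [a for a in expected if a in STRONG]
    strong_match = [a for a in strong_listed if actual[a] == expected[a]]
    weak_match = [a for a in expected if a in WEAK and actual[a] == expected[a]]

    if strong_match:
        # Strong digest agreement is decisive; a stale SHA-1 in the manifest
        # would be a manifest error, not a collision, so it is not checked here.
        return Verdict.ACCEPT
    if strong_listed and weak_match:
        return Verdict.COLLISION
    if weak_match:
        return Verdict.WEAK_ONLY
    return Verdict.REJECT


if __name__ == "__main__":
    # Constructed sample contents standing in for a real artifact.
    good = b"constructed good file"
    print(verify(good, digests(good, ["sha1", "sha256"])))   # Verdict.ACCEPT
    print(verify(good, digests(good, ["sha1"])))             # Verdict.WEAK_ONLY
```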