A really interesting article here regarding SHA-1 hash algorithm and collisions.
MD5 collisions have been known for a long time, and SHA-1 collisions have theoretically been around for a while too, albeit engineered collisions as opposed to accidental ones. Because of that, NIST have not really endorsed SHA-1 for a few years although their hash databases still comprise their values (as they do for MD5, for that matter). So I don’t think engineered collisions render the algorithm useless – certainly not for most daily tasks, but perhaps for security more so.
The work was conducted following a long term collaboration between the Cryptology Group at Centrum Wiskunde & Informatica (CWI) – the national research institute for mathematics and computer science in the Netherlands – and the Google Research Security, Privacy and Anti-abuse Group.
Anyway, as the report below shows, the work needed to show this collision for two different PDF files (its refreshing to see it for an actual file as opposed to just a few bytes of data like a password string) was not insignificant.
“Who is capable of mounting this attack? This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations. ”
So, for now, SHA-1 will remain the default option for QuickHash.
Read full article here : https://shattered.io/