neumann@csl.sri.com
Date: Thu, 23 Feb 2017 12:12:12 PST
Two PDF files display different content, yet have the same SHA-1 digest.
Nine quintillion (9,223,372,036,854,775,808) SHA1 computations, with 6,500
CPU-years for phase one, and 110 GPU-years for phase two:
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/
https://www.wsj.com/articles/google-team-cracks-longtime-pillar-of-internet-security-1487854804
https://shattered.it/ and http://shattered.io/ https://marc-stevens.nl/research/papers/SBKAM17-SHAttered.pdf
However, this is not particularly earth-shattering. in that SHA-1 is not
used much any more. Incidentally, the fourth of Adi Shamir's 15 predictions
for the next 15 years on cybersecurity, crypto, quantum, privacy, and
payments (blogged by Ross Anderson) from a recent panel in 2017 Financial
Crypto:
4. RC4 and SHA-1 will be phased out while AES and SHA-2/3 will remain
secure. (Adi expects a SHA-1 collision within the year.)
https://www.lightbluetouchpaper.org/2016/02/22/financial-cryptography-2016/#comment-1456744