A hash collision occurs when two input strings of a hash function produce the same hash result. Given that hash functions have infinite input length and a predefined output length, there has always been the possibility of two different inputs producing the same output hash. Research by Google’s Project Zero managed to create such a collision with the SHA1 hashing algorithm. If your threat model includes organizations that can spend $130,000 on cloud computing power to perform 9,223,372,036,854,775,808 SHA-1 computations (6,500 years of CPU time and 110 years of GPU time) then you should give serious consideration to abandoning SHA1 for a stronger algorithm in short order.
TLP: GREEN
ACTOR TYPE: (IV-V)
SERIAL: TR-040-2017
COUNTRIES: Worldwide
INDUSTRIES: All
REPORT DATE: 20170224
