A hash collision occurs when two input strings of a hash function produce the same hash result. Given that hash functions have infinite input length and a predefined output length, there has always been the possibility of two different inputs producing the same output hash. Research by Google’s Project Zero managed to create such a collision with the SHA1 hashing algorithm. If your threat model includes organizations that can spend $130,000 on cloud computing power to perform 9,223,372,036,854,775,808 SHA-1 computations (6,500 years of CPU time and 110 years of GPU time) then you should give serious consideration to abandoning SHA1 for a stronger algorithm in short order.
Get Alerts as the Wapack Cyber Technical Reports are Posted. Become a Subscriber, Click here and Get 14 days for 99 cents!
ACTOR TYPE: (IV-V)
REPORT DATE: 20170224