New SHA-1 Attack

2020-01-08 15:38

We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of 261.2rather than264.

We chose the PGP/GnuPG Web of Trust as demonstration of our chosen-prefix collision attack against SHA-1.

Using our SHA-1 chosen-prefix collision, we have created two PGP keys with different UserIDs and colliding certificates: key B is a legitimate key for Bob, but the signature can be transferred to key A which is a forged key with Alice's ID. The signature will still be valid because of the collision, but Bob controls key A with the name of Alice, and signed by a third party.

It's still the default hash function for certifying PGP keys in the legacy 1.4 version branch of GnuPG, the open-source successor to PGP application for encrypting email and files.

SHA1 is also still allowed for in-protocol signatures in the Transport Layer Security and Secure Shell protocols.

News URL

https://www.schneier.com/blog/archives/2020/01/new_sha-1_attac.html

#attack