Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total

6,500 years of CPU computation to complete the attack first phase

110 years of GPU computation to complete the second phase





While those numbers seem very large, the SHA-1 shattered attack is still more than 100,000 times faster than a brute force attack which remains impractical.





Mitigating the risk of SHA-1 collision attacks





Moving forward, it’s more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3. Following Google’s vulnerability disclosure policy , we will wait 90 days before releasing code that allows anyone to create a pair of PDFs that hash to the same SHA-1 sum given two distinct images with some pre-conditions. In order to prevent this attack from active use, we’ve added protections for Gmail and GSuite users that detects our PDF collision technique. Furthermore, we are providing a free detection system to the public.





You can find more details about the SHA-1 attack and detailed research outlining our techniques here





About the team





This result is the product of a long-term collaboration between the CWI institute and Google’s Research security, privacy and anti-abuse group.











