Google has said the world should stop using SHA-1 cryptographic hash function and move on to SHA-256 – the cryptography used in Bitcoin.
Google: Move to SHA-256 ‘More Urgent Than Ever’
In a release late last month, the company said it had successfully achieved the “world’s first SHA-1 collision,” an experiment where two pieces of data share the same hash.
The research was a joint project between Google researchers and the Centrum Wiskunde & Informatica (CWI) based in Amsterdam, Netherlands.
“For the tech community, our findings emphasize the necessity of sunsetting SHA-1 usage… We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure,” the project’s team writes.
Moving forward, it’s more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3.
SHA-1 ‘Flaws’ Gift To Top Hackers
Google has been stressing the need to abandon SHA-1 for several years, with software such as its Chrome browser and operating system among the first to see a decreased reliance on the technology, which is now twenty years old.
The release specifically states that it is SHA-1’s “flaws” that contribute to the possibility for powerful hackers to undermine it.
“In practice, collisions should never occur for secure hash functions. However, if the hash algorithm has some flaws, as SHA-1 does, a well-funded attacker can craft a collision. The attacker could then use this collision to deceive systems that rely on hashes into accepting a malicious file in place of its benign counterpart. For example, two insurance contracts with drastically different terms.”
Despite SHA-1’s ability to be hacked, Bitcoin’s SHA-256 never has been.
— Eric Lombrozo (@eric_lombrozo) February 27, 2017
Antonopoulos Says Bitcoin Can Fight Off Quantum Computers
In a further reassuring speech for cryptocurrency users, Andreas Antonopoulos last week said that Bitcoin’s hash functions meant it was naturally immune to the most sophisticated attacks imaginable – those from quantum computers.
Speaking in a Q&A session, Antonopoulos explained how Satoshi Nakamoto’s design meant that Bitcoin would continue to rise above advances in the field.
At the same time, he acknowledged that while the US National Security Agency (NSA) may well have the quantum computing power to “hack” Bitcoin, it was extremely unlikely they would ever do so.
“It is certain that the NSA has already built quantum computers. Google has one in their data center, and if they have one, the NSA has one that’s ten times better,” he said. “…Do they use that to break Bitcoin? The simple answer is: no.”
What do you think about Google’s perspective on SHA-1 and Bitcoin’s resilience to quantum attacks? Let us know in the comments below!
Images courtesy of Shutterstock, Google, Antonopoulos.com