I wonder if they're going to take this opportunity to simply delete everything that was signed with SHA1, or are they going to re-sign everything with SHA2? I'm betting on the former.
YOU... SHA-1 NOT PASS! Microsoft magics away demonic hash algorithm from Windows updates, apps
Microsoft is preparing to once and for all drop support for the SHA-1 hash algorithm. Redmond this week said that on Monday, August 3, Windows downloads signed using SHA-1 will no longer be offered by the Windows app'n'updates download center, the last step in a SHA-2 transition that has been going on for more than a year now …
COMMENTS
Thursday 30th July 2020 07:31 GMT Lee D
If they had half a brain, they'd simply sign everything with SHA2 in a *different* field. And continue to do that for whatever algorithms they switch to in the future.
Then, even with old obsolete programs, the chances of a file not only being maliciously crafted to match the SHA1 of a file, but also its MD5 and a CRC and whatever-else are increasingly slim, and things that only check other hashes would continue to work as normal. This would then allow a smooth transition where at no point did you *need* to suddenly re-sign everything you use, but could slowly move over and additionally-sign them with SHA2 as time goes by, and legacy clients would be "vulnerable" but still work.
But, of course, they won't.
Then, even if someone found a SHA-2 collision, the chances of it also being able to collide its SHA-1, MD5, CRC, etc. *as well* with the same malicious file are infinitesimally small, especially when they are entirely different algorithms.
Thursday 30th July 2020 03:28 GMT Roopee
Re: "a legacy cryptographic hash that many in the security community believe is no longer secure"
"Secure" is not a mathematical concept, it involves judgement of risk. For example you might argue that your new mega lock is 'secure' because the key is impossible to copy, but if I've got a battering ram that can destroy the door it matters not whether the key is copyable...
If it has taken many years and huge resources to come up with two documents that have the same hash, as it says in the article, and assuming that it hasn't suddenly become easier to generate another pair, I'd argue that the hash algorithm is secure enough for most purposes - and that can reasonably be called a belief, in the sense that it is an opinion.
Thursday 30th July 2020 08:38 GMT Anonymous Coward
Re: "a legacy cryptographic hash that many in the security community believe is no longer secure"
It's a problem if that is your only method of signing. Cisco display an MD5 signature (even less secure!) on their IOS download pages, but the IOSes themselves have 2 different SHA hashes embedded in them, so when you get the router to 'verify' the files both need to match.
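The scheme Lee D sketches above (carry a digest for each algorithm in its own field, so a legacy client that only knows SHA-1 keeps working while a modern client demands that every digest it can compute agrees) and the Cisco dual-hash verification the Anonymous Coward describes are the same idea. The following is an added illustration, not code from the article, from Microsoft, or from Cisco; the manifest format, the function names and the "installer" bytes are all constructed for the example, and the "collision" is simulated by editing the manifest, since no real SHA-1 collision is computed here.

```python
import hashlib
import zlib

# Constructed sample download; stands in for a signed installer.
FILE_CONTENT = b"example installer payload, constructed for this demonstration\n"

# Algorithms the publisher records, each in its own manifest field.
# CRC32 is not cryptographic; it is included only because the post mentions it.
PUBLISHER_ALGORITHMS = ("crc32", "sha1", "sha256", "sha512")


def digest(alg: str, data: bytes) -> str:
    """Hex digest of `data` under `alg` (hypothetical helper for this example)."""
    if alg == "crc32":
        return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    return hashlib.new(alg, data).hexdigest()


def make_manifest(data: bytes, algorithms=PUBLISHER_ALGORITHMS) -> dict:
    """Publisher side: one digest per algorithm, in separate fields.
    In a real deployment the manifest itself would then be signed."""
    return {alg: digest(alg, data) for alg in algorithms}


def verify(data: bytes, manifest: dict, known_algorithms) -> bool:
    """Client side: check every manifest field whose algorithm this client knows.

    A legacy client that only knows SHA-1 still verifies; a modern client
    requires *all* digests it can compute to match, so a substituted file
    would have to collide every listed algorithm at once to be accepted.
    """
    checked = [alg for alg in manifest if alg in known_algorithms]
    if not checked:
        return False  # no algorithm in common: the file cannot be verified
    return all(digest(alg, data) == manifest[alg] for alg in checked)


def simulate_single_algorithm_collision(original: bytes, substitute: bytes):
    """Model the failure mode the post discusses: suppose an adversary had
    produced a SHA-1 collision for the substitute file.  That is SIMULATED by
    overwriting the manifest's sha1 field; nothing here finds a collision.
    Returns (legacy_client_accepts, modern_client_accepts)."""
    manifest = make_manifest(original)
    manifest["sha1"] = digest("sha1", substitute)  # simulated collision
    legacy = verify(substitute, manifest, {"sha1"})
    modern = verify(substitute, manifest, set(PUBLISHER_ALGORITHMS))
    return legacy, modern


if __name__ == "__main__":
    m = make_manifest(FILE_CONTENT)
    print("legacy client (SHA-1 only):", verify(FILE_CONTENT, m, {"sha1"}))
    print("modern client (all fields):", verify(FILE_CONTENT, m, set(PUBLISHER_ALGORITHMS)))
    print("tampered file, modern client:", verify(FILE_CONTENT + b"x", m, {"sha256"}))
    print("simulated SHA-1-only collision (legacy, modern):",
          simulate_single_algorithm_collision(FILE_CONTENT, FILE_CONTENT + b"\x00"))
```

The design choice worth noting is that `verify` checks every field it recognises rather than stopping at the first match: a client that only understands SHA-1 is no worse off than today, while a client that understands SHA-256 gains its protection without the publisher having to re-sign anything on a flag day.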
Thursday 30th July 2020 11:42 GMT Adam 1
Re: "a legacy cryptographic hash that many in the security community believe is no longer secure"
I don't think anyone should be thinking of secure as a binary is/isn't. Rather, it is a judgement call on whether it would be worth an attacker's time and money to pull off the attack.
The last research I have seen puts the cost of a chosen-prefix SHA-1 collision in the $50K compute price range with a couple of months of running time.
So for intercepting some https traffic or signing a piece of malware so it looks legitimate, it's obviously becoming a real potential problem and we need to be moving to stronger hashes. But for defining your branches in git, it serves its purpose and will continue to do so.