We have all heard that the popular SHA1 hash function, used in a lot of security software, is weak and should be deprecated and officially obsoleted. Certificate authorities stopped issuing certificates with SHA1 from 1 Jan 2016, and web browsers such as Chrome began to show errors for SHA1 certificates from Jan 2017. Just in time, because SHA1 is now shattered.
Google just announced the first SHA1 collision. They’ve engineered two PDF files, obviously different in content, but both producing the same SHA1 hash.
What this can potentially mean is that, once you have digitally signed one document, an adversary could produce a different document that can be purported to be signed by you. Because a signature is computed over the document's hash rather than the document itself, a SHA1 collision lets your digital signature be applied to a document different from the one you think you’ve signed.
This collision makes it more urgent than ever for security systems that still use SHA1 to migrate to more secure cryptographic hashing algorithms. The natural upgrades include SHA-256 and SHA-384.
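The signature transfer and the effect of migrating can be seen in a small hash-then-sign model. This is an added example, not code from Google or from the original post. It makes two assumptions: SHA1 truncated to 24 bits stands in for a hash whose collisions are affordable (a real SHA1 collision needs far more computation), and an HMAC under a constructed key stands in for a public-key signature.

```python
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"  # constructed; stands in for the signer's private key


def weak_digest(data: bytes) -> bytes:
    """Toy weak hash (assumption): SHA1 cut to 24 bits so a collision is cheap."""
    return hashlib.sha1(data).digest()[:3]


def strong_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(data: bytes, digest_fn) -> bytes:
    """Hash-then-sign: the signature covers only the digest, never the document."""
    return hmac.new(SIGNING_KEY, digest_fn(data), hashlib.sha256).digest()


def verify(data: bytes, signature: bytes, digest_fn) -> bool:
    return hmac.compare_digest(sign(data, digest_fn), signature)


def find_collision(digest_fn, template: bytes = b"constructed document #%d"):
    """Birthday search: return two different inputs that share one digest."""
    seen = {}
    counter = 0
    while True:
        doc = template % counter
        d = digest_fn(doc)
        if d in seen:
            return seen[d], doc
        seen[d] = doc
        counter += 1


def demo() -> dict:
    doc_a, doc_b = find_collision(weak_digest)
    sig_weak = sign(doc_a, weak_digest)      # the signer only ever saw doc_a
    sig_strong = sign(doc_a, strong_digest)  # same document, signed over SHA-256
    return {
        "docs_differ": doc_a != doc_b,
        "weak_sig_accepts_other_doc": verify(doc_b, sig_weak, weak_digest),
        "strong_sig_accepts_other_doc": verify(doc_b, sig_strong, strong_digest),
    }


if __name__ == "__main__":
    print(demo())
```

The signature made over the weak digest verifies for a document the signer never saw, while the one made over SHA-256 is rejected for it.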
In the past, the theoretical collision could be brushed off as merely, well, theoretical. Here, Google has a concrete example. But if you’re still thinking that it’s not likely that any Tom, Dick, or Harry will have the technical know-how or resources to repeat Google’s example, then you need to know this:
Google is releasing code that will allow anyone to create a pair of PDFs that have the same SHA1 hash, given two distinct images, with some pre-conditions. Have fun when that comes in 90 days.