Google announced that Cryptographic hash function SHA-1 has been successfully hacked. It was possible to create two distinct PDF documents with the same SHA-1 hash code.
Advertising
Hash codes are used in browser security, file security and more. If a file or a message uses a hash code, it should prove, that the content wasn't altered. But there are several hash algorithms, some are weak and some are hackable. MD5 has been quoted as "unsecure" for hash functions sind years. SHA-1 has been the next candidate – and security researchers proposed, that this hash code function will be hacked somewhere in 2017. Therefor browser developers has begun to remove support for SHA-1 in 2017.
(Source: Google)
Now Google announced the first SHA1 collision. Together with CWI Institute in Amsterdam security researchers was able to generate a SHA-1 hash collision. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content. So SHA-1 is unsecure from this moment on and shouln't be used. More details may be read at this Arstechnica article.
