The SHA-1 hash function is more vulnerable than ever before
A paper was published this month, Gaëtan Leurent and Thomas Peyrin, SHA-1 is a Shambles First Chosen-Preﬁx Collision on SHA-1 and Application to the PGP Web of Trust, available at: https://eprint.iacr.org/2020/014.pdf , which demonstrates a viable way to perform a collision attack on SHA-1. This is an update to the paper discussed in the Tip of the Night for May 17, 2019. Their technique makes security protocols such as SSH (the secure shell network protocol) that use SHA-1 for handshake protocols vulnerable. With handshake protocols, a control protocol uses one of a list of supported hash functions. The handshake sets a range of parameters, such as a transfer rate, before normal communication begins between two devices. The new paper shows how PGP encryption keys can be created with different IDs but the same SHA-1 hash values.
This update indicates that any protocol which supports SHA-1 can be successfully attacked even if it also uses other hash function. Leurent and Peryin now claim to prove that a man in the middle attack can force two communicating devices to use SHA-1.
Leurent and Peyrin show how a collision can be accomplished for the cost of only $11,000 of computing power. "This cost will decrease over time and in a close future will be so cheap that any ill-intentioned person could aﬀord it." Id. at 28. The paper discussed here last year mentioned engineering a collision attack for $110,000.