Open insanetesterftw opened 7 years ago
I do hope people have already moved on from using SHA-1 for high security purposes. CRC32 and MD5 have been considered weak for many years now but both still have their uses.
For the tech community, our findings emphasize the necessity of sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates.
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
If a sha1 collision is important for your data then you should probably use a different algorithm. I probably won't add any detection to RCRC.
Given the recent discovery that is now possible to create collisions in sha1 it would be good for RapidCRC to detect them.
https://shattered.io/
Quoting from the above URL:
Any application that relies on SHA-1 for digital signatures, file integrity, or file identification is potentially vulnerable. These include:
You can use the online tool above to submit files and have them checked for a cryptanalytic collision attack on SHA-1. The code behind this was developed by Marc Stevens (CWI) and Dan Shumow (Microsoft) and is publicly available on GitHub.
It is based on the concept of counter-cryptanalysis and it is able to detect known and unknown SHA-1 cryptanalytic collision attacks given just a single file from a colliding file pair.
And how would you detect it?
https://github.com/cr-marcstevens/sha1collisiondetection