SHA-1 collision attacks are now actually practical and a looming danger

Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last week with the discovery of the first-ever “chosen-prefix collision attack,” a more practical version of the SHA-1 collision attack first carried out by Google two years ago.

What this means is that SHA-1 collision attacks can now be carried out with custom inputs, and they’re not just accidental mishaps anymore, allowing attackers to target certain files to duplicate and forge.



https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/?