Waiting For SHA-1 To Fall

The math is complicated but the message is clear: by 2020, it will be feasible for practical collision attacks to occur against SHA-1 according to one expert.

According to Bruce Schneier's blog, Intel's Jesse Walker has calculated that Moore's Law (which says that the number of transistors on a chip will double every year) will increase the efficiency and lower the cost of a system crunching the numbers necessary to find a collision (where another set of numbers will create the same hash value) using SHA-1. The cost of the attack will drop from $2.77 million to a mere $43K in 2021. Walker says "A collision attack is therefore well within the range of what an organized crime syndicate can practically budget by 2018, and a university research project by 2021."

He adds, "Since this argument only takes into account commodity hardware and not instruction set improvements (e.g., ARM 8 specifies a SHA-1 instruction), other commodity computing devices with even greater processing power (e.g., GPUs), and custom hardware, the need to transition from SHA-1 for collision resistance functions is probably more urgent than this back-of-the-envelope analysis suggests."

The obvious advice is to move toward using SHA-2 and recently approved SHA-3 algorithms instead.