Announcing the first SHA-1 collision

The Google security blog carries the news of the first deliberately constructed SHA-1 hash collision. "We started by creating a PDF prefix specifically crafted to allow us to generate two documents with arbitrary distinct visual contents, but that would hash to the same SHA-1 digest. In building this theoretical attack in practice we had to overcome some new challenges. We then leveraged Google’s technical expertise and cloud infrastructure to compute the collision which is one of the largest computations ever completed." The SHA-1 era is truly coming to an end, even if most attackers lack access to the computing resources needed for this particular exploit.

Comments (28 posted)