Google cracked it and will release the method in 90 days.
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Collision attack, not preimage.
Still fine for integrity checks.
But broken authentication and attestation.
Mozilla knew this 3 years ago :^)
https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
>>59080260
>you need 12 million gpus to crack it
>>59080942
I think they're saying their attack required 100 GPUs for a year instead of 12 million GPUs for a year to just brute force.
So if you used 1000 GPUs you could do this attack in a month, if you used 3000 it would take 12 days, if you used 5000 it would take one week.
>not using SHA-256/SHA-512
>>59082189
>not using SHA3
>>59080766
Everyone knew this 3 years ago. SHA-1 has been deprecated for a while
>Has this been abused in the wild?
>Not as far as we know.
>This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations.
Why aren't you using the Whirlpool hash function yet, anon?
http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
good thing I SHA-512
>>59080942
Alright let me check my basement...brb