Google, Dutch institute crack key Internet security standard

Google and Amsterdam-based Centrum Wiskunde & Informatica cracked Secure Hash Algorithm 1, or SHA-1.
Google and Amsterdam-based Centrum Wiskunde & Informatica cracked Secure Hash Algorithm 1, or SHA-1.PHOTO: AFP

AMSTERDAM (REUTERS) - A collaboration between Google's research unit and a Dutch institute on Thursday (Feb 23) cracked a widely used cryptographic technology that has been one of the key building blocks of Internet security.

The algorithm, known as Secure Hash Algorithm 1 or SHA-1, is currently used to verify the integrity of digital files and signatures that secure credit card transactions as well as Git open-source software repositories.

Researchers were able to demonstrate a "collision attack" using two different PDF files with the same SHA-1 fingerprint, but with different visible content, according to a paper published by Amsterdam-based Centrum Wiskunde & Informatica.

"Moving forward, it's more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3," according to a post by the collaborators on Google's security blog.