SHA1 is broken now

[walbus]

SHA1 is broken now

https://shattered.io/

[netmaestro]

Looks like shameless self-promotion to me. I'd like to see more mathematical proof and less advertising before I'm impressed.

[IdeasVacuum]

I don't know - I think most likely the claims are genuine, SHA-1 has effectively been obsolete for critical use since about 2006 if we are to believe the opinion given on Wikipedia, amongst others.

[Keya]

one of Google's teams was involved in it though so i wouldnt bet against it

The research is the result of a more than two-year collaboration between researchers at the Centrum Wiskunde & Informatica in the Netherlands and Google's research security, privacy, and anti-abuse group. The first phase of the attack was run on a heterogeneous CPU cluster that was hosted by Google and spread over eight physical locations. A second and more expensive phase was run on a heterogeneous cluster of K20, K40, and K80 GPUs that were also hosted by Google. Had the researchers performed their attack on Amazon's Web Services platform, it would have cost $560,000 at normal pricing. Had the researchers been patient and waited to run their attack during off-peak hours, the same collision would have cost $110,000. That's within the $75,000 to $120,000 range CWI's Stevens projected in late 2015.

https://arstechnica.com/security/2017/0 ... -now-dead/

[Lunasole]

... You can use our file tester above to check your files. If you use Chrome, you will be automatically protected...

All the meaning of such Google useless 'efforts' and articles.

They are useless because of... who cares about such 'news'? It's anyway obvious that if you need serious security you should use the most complex and proven algorithms, not something questionable from 2000x. If you don't need, then you should use good old MD5 and SHA1 for performance and other nice things ^_^