So I'm seeing something really silly in this discussion... what Google has demonstrated doesn't create any particular worry when it comes to file integrity checks. The reason is that it is so overwhelmingly difficult to intentionally manufacture a file that has an SHA1 checksum collision that it isn't a concern for ANYBODY.
The main consideration here is only whether or not an SHA1 HASH can be duplicated. This has security considerations, NOT related to file integrity checking, but to the storage of SECURITY CREDENTIALS.
And it is a concern for EVERYBODY, because it has to do with logging into your BANK.
Here is the thing:
YOU know your password, your bank does NOT.
Your bank knows a HASH of your password, which they use to calculate whether or not YOU know your password, and in many cases, this is an SHA1 hash.
A hacker breaks into your bank's website and dumps the user database, or an insider leaks it, or WHATEVER, which includes the SHA1 hash of everybody's password.
If it is practical to create an SHA1 collision, then they can generate a new password to log into your bank account, and that password they generate doesn't necessarily even MATCH yours. This attack also doesn't depend on trying trillions of times to log into the bank's website since they can apply a botnet to generate the fake password and log in on the first attempt!
And to make it even worse, they have a huge list of customer login hashes to generate colliding passwords for, which could significantly reduce the time before they get something that is useful for stealing money.
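An added example (not part of the comment above) of the login check the comment describes: a legacy store that accepts any input whose SHA-1 equals the stored digest, next to the salted, slow KDF a defender would migrate users to on their next successful login. User names, passwords and the iteration count are constructed for this example.

```python
import hashlib
import hmac
import os

# Legacy scheme from the comment: the server stores only sha1(password) and
# accepts ANY input whose SHA-1 equals the stored digest. Constructed sample user.
LEGACY_USERS = {"alice": hashlib.sha1(b"correct horse").hexdigest()}

def verify_legacy_sha1(username: str, candidate: bytes) -> bool:
    """Succeeds for any candidate whose SHA-1 matches, not only the real password."""
    stored = LEGACY_USERS.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(hashlib.sha1(candidate).hexdigest(), stored)

# Hardened scheme: per-user random salt plus slow PBKDF2-HMAC-SHA256, stored as
# (salt, iterations, digest). A leaked table must then be attacked one record
# at a time, at a cost of ITERATIONS hash calls per guess.
ITERATIONS = 600_000  # constructed value for the example

def make_record(password: bytes) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}

def verify_record(record: dict, candidate: bytes) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", candidate, record["salt"], record["iterations"])
    # Constant-time compare so the check leaks no timing information.
    return hmac.compare_digest(digest, record["digest"])

def upgrade_on_login(username: str, candidate: bytes, new_store: dict) -> bool:
    """Verify a login; migrate a legacy SHA-1 user to the salted KDF on success."""
    if username in new_store:
        return verify_record(new_store[username], candidate)
    if verify_legacy_sha1(username, candidate):
        new_store[username] = make_record(candidate)
        del LEGACY_USERS[username]  # the bare SHA-1 digest is no longer kept
        return True
    return False
```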