CTI STIX Subcommittee

 View Only

SHA1 security implications

  • 1.  SHA1 security implications

    Posted 12-04-2018 21:21
    As mentioned on the call, SHA1 has been successfully attacked: https://en.wikipedia.org/wiki/SHA-1#SHAttered_%E2%80%93_first_public_collision The offical website: https://shattered.io/ Also, as a reminder, attacks only get better, today it may have taken 110 years of GPU, but in a few years, it may drop to a few years. If we depend upon semantec equivalence of the id, then we need to be aware of this attack and the implications that it has. The attack is able to take a known prefix and suffic, and generate a middle part that collides w/ a different middle part... It is likely and possible that we could construct the format of the data to be hashed to prevent this attack, but I do not know cryptography well enough to inform people how to prevent it. It'd be easiest to switch to a different algorithm, which if we aren't doing UUIDv5, then it wouldn't be hard to do so. -- John-Mark