
SHA-1 Is Dead!

History

The SHA-1 cryptographic hash function was introduced in 1995. Weaknesses began to be discovered in 2005, and in 2011 NIST deprecated SHA-1. The use of SHA-1 web site certificates has been stopped. And now a practical collision attack against SHA-1 has been demonstrated by researchers who were able to create two different PDF files of the same length that produced an identical SHA-1 hash. The attack, while practical, is still a bit expensive, but I would expect speed improvements to emerge.

Hash functions like SHA-1 are used for validating the integrity of messages, software updates, and as unique signatures for data. The existence of a practical collision attack casts doubt on these applications.

SHA-1 and PCI Compliance Today

Within the realm of PCI compliance, hash functions are used to render cardholder data unreadable (PCI DSS 3.4) and to validate the integrity of software source libraries and updates (PA-DSS and DSS software development). The use of hashes in PCI to render cardholder data unreadable is already subject to a number of restrictions and caveats to prevent attackers from correlating truncated (partial) PANs with hashed PANs.

How does the Shattered attack impact these uses of SHA-1?

  • Validating the integrity of a vendor’s software updates – clearly at risk
  • Detecting changes in source code control systems – unlikely to be at risk as the application is change/error detection and the source is still available
  • Rendering cardholder data unreadable – unlikely to be at risk as the hash is not used for validation
  • Use of HMAC-SHA-1 in TLS cipher suites is not yet considered at risk

If you are using SHA-1, should you be worried about your compliance? The answer, of course, depends upon how you are using it (see above).

I would expect that the PCI Security Standards Council will make some announcements and issue clarifications as a result of this.

Organizations relying upon SHA-1 that have not yet switched to a more secure hash like SHA-256 (or, better, SHA-3, standardized by NIST in 2012) should be accelerating this process and developing a strategy to address this. One of the first things you should do is reach out to your software vendors to find out what they are doing about this.
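
One way to enforce this on the receiving side, as an added example (not code from the original post or from any vendor): a verifier that accepts a software update only when the manifest carries a matching SHA-256 or SHA3-256 digest and refuses entries that list SHA-1 alone. The `<algo>:<hex>  <filename>` manifest format, the file names and the payloads are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Digest algorithms this verifier accepts, with their hex lengths.
# SHA-1 (and anything else not listed) is refused.
ALLOWED = {"sha256": 64, "sha3_256": 64}

def parse_manifest(text):
    """Parse '<algo>:<hex digest>  <filename>' lines (assumed format)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tagged, name = line.split(None, 1)
        algo, _, digest = tagged.partition(":")
        entries.setdefault(name, {})[algo.lower()] = digest.lower()
    return entries

def verify_update(name, data, entries):
    """Return (ok, reason); pass only on a match under an allowed algorithm."""
    digests = entries.get(name)
    if not digests:
        return False, "no manifest entry"
    strong = {a: d for a, d in digests.items() if a in ALLOWED}
    if not strong:
        return False, "only weak digests listed: " + ",".join(sorted(digests))
    for algo, expected in strong.items():
        if len(expected) != ALLOWED[algo]:
            return False, f"malformed {algo} digest"
        actual = hashlib.new(algo, data).hexdigest()
        # Constant-time comparison of the two hex strings.
        if not hmac.compare_digest(actual, expected):
            return False, f"{algo} mismatch"
    return True, "verified with " + ",".join(sorted(strong))

# Constructed sample data: two payloads and a manifest built from them.
UPDATE_A = b"vendor update 1.2.3 (constructed sample)\n"
UPDATE_B = b"vendor update 1.2.4 (constructed sample)\n"
MANIFEST = "\n".join([
    f"sha1:{hashlib.sha1(UPDATE_A).hexdigest()}  update-a.bin",
    f"sha256:{hashlib.sha256(UPDATE_A).hexdigest()}  update-a.bin",
    f"sha1:{hashlib.sha1(UPDATE_B).hexdigest()}  update-b.bin",
])

if __name__ == "__main__":
    entries = parse_manifest(MANIFEST)
    for fname, blob in (("update-a.bin", UPDATE_A), ("update-b.bin", UPDATE_B)):
        print(fname, verify_update(fname, blob, entries))
```

An update whose manifest entry lists only SHA-1 is reported as failing rather than silently verified, which gives a concrete list of vendors to contact.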
