Cryptographic Collision happens when two distinct pieces of data render the same Hash digest.

Cryptographic Collision, in practice, should never occur for Secure Hash Algorithms.

However if the Secure Hash Algorithms has some flaws, as SHA-1 does, a well-funded attacker can craft a Cryptographic Collision.

The attacker could then use this Cryptographic Collision to deceive systems that rely on hashes into accepting a malicious file in place of its benign counterpart.

SHA-1 Cryptographic Collision Example[1]#

For example, two insurance contracts with drastically different terms.

Cryptographic Collision/Collision-illustrated.png

Here are some numbers that give a sense of how large scale this computation was:

  • Nine quintillion (9,223,372,036,854,775,808) SHA-1 computations in total
  • 6,500 years of CPU computation to complete the attack first phase
  • 110 years of GPU computation to complete the second phase

While those numbers seem very large, the SHA-1 shattered attack is still more than 100,000 times faster than a Brute-Force attack which remains impractical.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
Collision-illustrated.png 61.1 kB 1 24-Feb-2017 10:51 jim SHA-1 collision
« This page (revision-3) was last changed on 24-Feb-2017 11:03 by jim