shattered.io reported on Thursday, February 23 that SHA-1, an industry cryptographic hash function standard, has been broken in practice.
Quoted in Ars Technica, one of the lead researchers on the team that broke SHA-1, Marc Stephens, said:
"As an example of the insecurity of SHA1 [the identical-prefix collision] is very meaningful. Chosen-prefix collisions are more powerful and relieve an attacker from some constraints, but identical-prefix collisions can be just as dangerous with a very creative attacker. It is hard to say which things you can’t do with an identical-prefix collision.
But we do know quite some demonstrated threats using identical-prefix collisions: certificates with identical names and different pubkeys, PDF files, PostScript files, TIFF files, JPEG files, Word files, file archives, signed software, Email message/attachment PGP/GPG signatures."
The attack proof provided by the team, and available from shattered.io, happens to use two PDF files that display different content, yet have the same SHA-1 digest.
PDF implementers should take note that ISO 32000-2 (PDF 2.0) deprecates SHA-1. PDF 2.0, which has been (mostly) final for a year now, is in its final editing phase now, and is expected before summer.
The PDF Association is the meeting-place of the PDF industry. The staff of the PDF Association are dedicated to delivering the information, services and value the members have come to expect. Staff members of the PDF Association include: Duff Johnson (Chief Executive Officer) Thomas Zellmann (PDF Evangelist) Matthias Wagner (Operations Director) Alexandra Oettler (Editor) Nicole Gauger (Editor)