Academics Improve SHA-1 Collision Attack, Make It Actually Dangerous

An anonymous reader writes: 'Attacks on the SHA-1 hashing algorithm just got a lot more dangerous last week with the discovery of the first-ever 'chosen-prefix collision attack,' a more practical version of the SHA-1 collision attack first carried out by Google two years ago,' reports ZDNet. Google's original research allowed attackers to force duplicates for specific files, but this process was often at random. A new SHA-1 collision attack variation (a chosen-prefix attack) detailed last week allows attackers to choose what SHA-1-signed files or data streams they want to forge on demand, making SHA-1 an attack that is now practical in the real world, albeit at a price tag of $100,000 per collision.

Read more of this story at Slashdot.