Don’t Mix Up SHA-1 Hashed Passwords with SHA-1 Signed Certificates

We really must get better at articulating technical risk. I recently read an article about a recent hack involving SHA-1 hashed passwords, which was then linked to the SHA-1 signature on a digital certificate. The risks of these are not quite the same. For SHA-1 hashed passwords, the SHA-1 method itself doesn’t really have any weaknesses, but people select passwords which can be guessed from a dictionary, or even by brute force. For example, Hashcat knows that you put an uppercase letter first and a number at the end, and that you use a ‘0’ instead of an ‘O’. It thus tries lots of different permutations, and will often get the right one. And so we now use slower hashing methods — such as Bcrypt — to slow the whole thing down. The risk of cracking a SHA-1 hashed password is thus HIGH.
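As an added example (not code from the original article), here is a check at password-set time that undoes the mangling described above (capital first, number at the end, ‘0’ for ‘O’) before a dictionary lookup, then stores the password with a slow, salted hash. PBKDF2-HMAC-SHA256 from Python's standard library stands in for Bcrypt here; the wordlist, the swap table, the iteration count and all function names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist (assumption); a production check would use a
# large dictionary plus a breached-password list.
WORDLIST = {"password", "monkey", "dragon", "football", "edinburgh"}

# Undo the character swaps that cracking rule sets already anticipate.
UNLEET = str.maketrans("013457@$", "oleastas")

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting)


def candidate_words(password: str) -> set:
    """Strip predictable mangling: case, swapped characters, trailing digits/symbols."""
    s = password.lower()
    found = {s.translate(UNLEET)}
    while s and not s[-1].isalpha():
        s = s[:-1]  # peel one trailing digit or symbol at a time
        found.add(s.translate(UNLEET))
    return found


def is_guessable(password: str) -> bool:
    """True if the password reduces to a dictionary word."""
    return bool(candidate_words(password) & WORDLIST)


def hash_password(password: str) -> tuple:
    """Return (salt, digest) using a per-user random salt and a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the KDF and compare in constant time."""
    check = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(check, digest)


def set_password(password: str) -> tuple:
    """Reject guessable passwords at enrolment, then store the slow hash."""
    if is_guessable(password):
        raise ValueError("password reduces to a dictionary word")
    return hash_password(password)
```

The per-user salt stops one precomputed table from covering every account, and the work factor multiplies the cost of each guess; neither helps if the password itself reduces to a dictionary word, which is why the check runs first.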

But what about validating that things have not changed? Well, for that we can use a hash, and check the hash against the content. Unfortunately, there’s only a finite number of hashes, so it will be possible to come up with the same hash for different content. For MD5 we had 128 bits, and so it has 2¹²⁸ different hashes. Unfortunately, it doesn’t take too long to create a collision, where different content produces the same hash. Recently, though, Mat McHugh showed that he could produce the same hash signature for different images, using…

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
