CWI, Google announce first collision for Industry Security Standard SHA-1

Today, researchers at the Dutch research institute CWI and Google jointly announce that they have broken the SHA-1 internet security standard in practice. This industry standard is used for digital signatures and file integrity verification, which secure credit card transactions, electronic documents, GIT open-source software repositories and software distribution. CWI cryptanalyst Marc Stevens says: “Many applications still use SHA-1, although it was officially deprecated by NIST in 2011 after exposed weaknesses since 2005. Our result proves that the deprecation by a large part of the industry has been too slow and that migration to safer standards should happen as soon as possible”.