It took several years but researchers have finally beat SHA-1 and found it is easily possible to have 2 different documents with the game hash value. SHA-1 was officially deprecated by NIST in 2011

SHA-1 is widely used with HTTPS certificates in addition to many other applications. SHA-1 is also widely used for file integrity.

Consider using safer alternatives, such as SHA-256, or SHA-3. Be prepared to make more changes as time progresses.

Given the problems with MD4, MD5 and now SHA-1, we have tested the idea of using dual or triple hash checks which should be much less likely to be problematic. Rainbow attacks would be eliminated as different hashes would be tripped and the fault detected. Of course this mean a redesign of security checks, but that is the only real way to fix the problems.

More bits are fine but using multiple hashes is less likely to fail.

## GOOGLE SECURITY

In 2013, Marc Stevens published a paper that outlined a theoretical approach to create a SHA-1 collision. Using a JPEG in a PDF, the work focused on the image only to find a second one with the same SHA-1 hash. Here are some numbers that give a sense of how large scale this computation was:

- Nine quintillion (9,223,372,036,854,775,808) SHA-1 computations in total
- 6,500 years of CPU computation to complete the attack first phase
- 110 years of GPU computation to complete the second phase

The research cost about $110,000 worth of Amazon’s cloud computing platform. The SHAttered project is 100,000 times faster than brute force.

## SHA-3

The NIST released SHA-3 on August 5, 2015 and we recommend its use with not less than 512 bits.

During the competition, entrants were permitted to tweak their algorithms to address issues that were discovered.

- The number of rounds was increased from 12 + ℓ to 12 + 2ℓ to be more conservative about security.
- The message padding was changed from a more complex scheme to the simple 10*1 pattern described below.
- The rate r was increased to the security limit, rather than rounding down to the nearest power of 2.

Work has so far shown SHA-3 to be fairly well designed. The workers considered the problems with older hash functions.

## RSA

RSA has also been under a lot of pressure mostly by researchers who want to see if it is robust enough. DHE has been suggested as an alternative as weakness in RSA has some experts concerned.

1024-bit keys are very weak, 2048-bit are better by about 10^{9} based on the precomputation required for the discrete logarithm algorithm. Elliptic curves are becoming popular. Quantum research has led to some advances that are causing the NSA to rethink their current standards.