Yipes! This is a pretty major result.
Background refresh: SHA-1 is the most popular crypto hash function. A hash function takes an arbitrary amount of data (a string) and calculates a fixed-size "digest" (a number) of that data. The algorithm that creates the digest must have the following characteristics:
- It must be computationally infeasible to recreate the original string from the digest
- It must be next to impossible to find a "collision", meaning two different strings should never produce the same digest
SHA-1 is used for email digital signatures, encryption of web connections, pretty much everything that uses a digest to uniquely identify a message. So for example, if I want to digitally sign an email, the process first creates a "digest" of the message. I then encrypt the digest (not the message) with my private key (which only I know) and attach it to the email. If you want to confirm that I was the person who "signed" the message, you take my public key (which everyone knows) and use that to decrypt the digest. Then you perform the same digest calculation on your machine over the content of the message: if the digest you computed matches the one I sent you encrypted, there is no way someone else could have sent it unless they somehow got hold of my private key.
This is of course why private keys should remain exactly that: private.
End background refresh.
What the current paper means is that they have significantly reduced the complexity of the attack compared to brute force, which could let someone change a small part of a text in such a way that the digests still match. There is still a lot of heavy lifting under the covers to do that, and it's not like someone could publish a toolkit tomorrow with these results and let you change that signed email order for a million widgets at $1 apiece into an offer to give you ten free iPods, but it's a very troubling result.
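To make the sign-the-digest flow and the collision risk concrete, here is an added example (not from the original post) in Go using only the standard library: it hashes a constructed order message with SHA-1, signs the digest with an RSA private key, verifies it with the public key, shows that changing one character of the order breaks verification, and then shows why collision resistance matters: the verifier only ever looks at the digest, so a signature over one message would validate any other message with the same digest. The message strings and the 2048-bit key are sample values chosen for the example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
)

// Digest computes the fixed-size (20-byte) SHA-1 digest of a message.
func Digest(msg []byte) []byte {
	sum := sha1.Sum(msg)
	return sum[:]
}

// Sign hashes the message and signs the digest (not the message itself)
// with the private key, which is what an email signer does.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, Digest(msg))
}

// Verify recomputes the digest locally and checks the signature against it
// with the public key; this is the recipient's side of the exchange.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, Digest(msg), sig) == nil
}

// VerifyDigest is the step the recipient really performs: only the digest
// is compared. Any second message with the same SHA-1 digest (a collision)
// would pass this check with the original signature.
func VerifyDigest(pub *rsa.PublicKey, digest, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest, sig) == nil
}

// Demo runs the whole flow and reports three outcomes:
// genuineOK: the untouched order verifies;
// tamperedOK: a one-character change to the order verifies (it must not);
// sameDigestOK: a message presenting the original digest verifies (it does,
// which is exactly why a practical collision attack is dangerous).
func Demo() (genuineOK, tamperedOK, sameDigestOK bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // sample key, generated fresh
	if err != nil {
		return
	}
	original := []byte("Order: 1,000,000 widgets at $1 apiece") // constructed sample
	tampered := []byte("Order: 1,000,000 widgets at $0 apiece") // one character changed

	sig, err := Sign(priv, original)
	if err != nil {
		return
	}
	genuineOK = Verify(&priv.PublicKey, original, sig)
	tamperedOK = Verify(&priv.PublicKey, tampered, sig)

	// We cannot produce a real SHA-1 collision here, so the digest of the
	// original stands in for "a different message with the same digest".
	sameDigestOK = VerifyDigest(&priv.PublicKey, Digest(original), sig)
	return
}

func main() {
	genuine, tampered, sameDigest, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine order verifies:      ", genuine)
	fmt.Println("tampered order verifies:     ", tampered)
	fmt.Println("same-digest message verifies:", sameDigest)
	fmt.Println("digests differ after tamper: ",
		!bytes.Equal(Digest([]byte("a")), Digest([]byte("b"))))
}
```

The third result is the point of the post: the signature binds the digest, not the text, so anyone who can find a second message with the same SHA-1 digest inherits a valid signature on it without ever touching the private key.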