Introducing the 2024 PKI & Digital Trust Report     | Download the Report

  • Home
  • Blog
  • Freestart Collision for SHA-1

Freestart Collision for SHA-1

Many of you know that the cryptographic hash algorithm SHA-1 is in the process of being deprecated, due primarily to the hashing algorithm’s susceptibility to collision attacks. I first wrote about this back in 2011:

This week, researchers have announced the discovery of a dramatically new and efficient way to calculate collisions found in SHA-1’s compression function.

Researchers Marc StevensPierre Karpman, and Thomas Peyrin released a new hash attack called “Freestart Collisions”( This new attack on SHA-1 has dramatically reduced the time it takes to calculate SHA-1 collisions. More importantly, this work serves to illustrate the overall weakness of SHA-1.

Researchers using “Freestart Collisions” have demonstrated that SHA-1 hash collisions can be computed in under 10 days, using $75k-$125K of rented computer server time. This dramatically lowers the bar, and makes the creation of SHA-1 collisions much more affordable to malicious groups and agents an entire two years ahead of earlier predictions.

Noting this new timeline, CSS recommends that the use of SHA-1 be phased out as soon a practically possible. This will necessitate the adoption of SHA-2 based systems throughout corporations worldwide, requiring both integration and migration planning.

But given this new understanding of the risks associated with the continued use of SHA-1, I believe SHA-2 adoption costs have never been easier to justify.