Dev writes Ethereum code for insecure SHA-1 crypto hash function

Interaction with legacy systems but not all think it's a good idea


Using Ethereum's programming language Solidity, a dev has controversially written code for computing data-authentication hashes with the insecure SHA-1 cryptographic hash function.

Nick Johnson, the London-based Ethereum developer who authored the code, told The Register: "SHA1 is still used by a lot of legacy systems, including many SSL/TLS certificates, parts of DNSSEC, and Git. Being able to verify hashes produced in those systems lets us interact with them on the Ethereum blockchain."

But not all agree that's a good idea. University College London postdoctoral blockchain researcher Patrick McCorry told The Register: "This comes down to a security vs compatibility argument.

"Attacks only get better and we as a community should do our best to move away from broken algorithms." But he conceded that "many protocols in the web still rely on SHA-1 and this works OK because the cost (and time) to find a collision is still absurdly high".

The US National Security Agency and National Institute of Standards and Technology came up with the basic algorithms for making SHA-1 hashes in the 90s. They're widely used for proving that data – from software code to emails and website certificates – hasn't been altered.

But in February, researchers found a way to change a PDF and leave its SHA-1 hash the same – a "collision" – which means SHA-1 is now essentially useless for proving documents haven't been altered.

An issue was opened in November 2016 on the Ethereum GitHub repo for a precompiled contract for the SHA-1 hashing algorithm, in order to verify different services on-chain at lower cost than running it on the network.

Johnson admitted: "SHA-1 should definitely not be used for new applications. There are a lot of existing systems out there that use it, however, and it's useful to be able to interact with those systems without waiting for them to upgrade to a newer hash function that is supported by Ethereum."

While it boasts a decentralised system for running applications from video games to digital ledgers with a little more privacy than everyday apps, Ethereum is certainly not watertight. The network rolled back its ledger to undo a $50m heist in 2016 and a hackathon just last month found a few new ways of writing malicious smart contracts that can steal funds.

"If we want contracts that are compatible with existing (and legacy) infrastructure then it needs to be supported," McCorry said. ®
