Why Did Telegram Switch from SHA-1 to SHA-256?
SHA-1: A Thing of the Past
SHA-1, once one of the most widely used cryptographic hash functions on the internet, has been considered obsolete since around 2015. The time and financial resources required to break SHA-1 have dropped much faster than originally anticipated. According to cybersecurity researchers, SHA-1 is now so weak that it can be cracked by hackers who are not even highly skilled.
The SHA-1 algorithm was developed in 1995 by NSA specialists as part of a digital signature algorithm. Like other hash functions, SHA-1 converts an input message of any length into a fixed-length string of numbers and letters, serving as a cryptographic fingerprint for the message.
These cryptographic fingerprints are only useful if they are unique. If two different messages generate the same hash (a situation known as a hash collision), attackers could exploit this to compromise the security of banking transactions, software downloads, or any website connection.
Researchers from Centrum Wiskunde & Informatica (Netherlands), Inria (France), and Nanyang Technological University (Singapore) published a report showing that SHA-1 is vulnerable to attacks called Freestart Collisions. Attackers look for hash collisions, where a single hash value corresponds to two different messages. Such collisions can be used to forge digital signatures, allowing hackers to break connections protected by SHA-1.
Currently, breaking SHA-1 costs only about $75,000 to $120,000. Back in 2012, researchers estimated that such an attack would cost hackers at least $700,000 in 2015 and $173,000 in 2018. The cost has dropped due to a new technique called the “boomerang,” which allows for rapid detection of SHA-1 collisions.
Cybersecurity experts strongly recommend that administrators switch from SHA-1 to more secure hash algorithms like SHA-2 and SHA-3. It’s worth noting that SHA-2 was also developed by NSA experts, while SHA-3 was created by a group of independent specialists.
Telegram’s Transition
Last week, the messaging app Telegram switched its cryptographic hashing algorithm from SHA-1 to SHA-256. As Telegram founder Pavel Durov explained to the publication “Roem,” the switch was made because the community feels “more comfortable” with SHA-256.
According to Durov, in Telegram’s implementation, it doesn’t really matter which of the two algorithms is used, “but most cryptographers feel better when SHA-1 isn’t mentioned anywhere.”
Telegram’s technical lead Nikolai Durov previously did not see the need to switch from SHA-1 to SHA-256. However, as cybersecurity expert Andrey Leonov from Group-IB told RBC, SHA-1 is not a reliable algorithm, and there are now techniques that can reveal or alter Telegram data. With SHA-256, the data is much more securely protected. “There are not even theoretical algorithms that suggest an attack on SHA-256 is possible,” Leonov noted.
Alexey Raevsky, CEO of Zecurion, confirmed Durov’s statement that it doesn’t matter to Telegram which of the two algorithms is used. According to Raevsky, SHA-1 is vulnerable if used for digital signatures. Since Telegram does not use such signatures, the SHA-1 vulnerability does not pose a serious threat to the service.
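The following Python program is an added illustration, not code from the original article or from Telegram. It ties together the collision problem described above and Raevsky's point that a collision-prone hash is dangerous specifically when it is used for digital signatures. Because no real SHA-1 collision can be found in a demo, it uses SHA-256 truncated to 32 bits as a stand-in for a weak hash and runs a generic birthday search on it; the search then needs about 2^16 hashes instead of the 2^128 a full SHA-256 would demand. The functions `truncated_digest`, `find_collision`, `expected_work`, `sign`, `verify` and `demo` are invented for this example, and `sign`/`verify` are a hash-then-sign stand-in in which the "signature" is simply the digest, since the real signing step does not affect the outcome.

```python
import hashlib
import hmac


def truncated_digest(data: bytes, bits: int) -> bytes:
    """Toy hash: SHA-256 cut down to `bits` bits (a multiple of 8).

    Truncation is an assumption of this demo, chosen so that a collision
    search finishes in well under a second while keeping the same shape as
    an attack on a weak real-world hash.
    """
    if bits % 8 != 0 or not 8 <= bits <= 256:
        raise ValueError("bits must be a multiple of 8 between 8 and 256")
    return hashlib.sha256(data).digest()[: bits // 8]


def expected_work(bits: int) -> int:
    """Birthday bound: a generic collision search costs about 2**(bits/2) hashes."""
    return 2 ** (bits // 2)


def find_collision(bits: int, max_tries: int = 1 << 22):
    """Generic birthday search against the toy hash.

    Messages are constructed counters (b"message-0", b"message-1", ...), so
    the search is deterministic. Returns (msg_a, msg_b, tries) for two
    distinct messages with equal truncated digests, or None if max_tries
    is exhausted without a collision.
    """
    seen = {}
    for i in range(max_tries):
        msg = b"message-%d" % i
        d = truncated_digest(msg, bits)
        if d in seen:  # a different counter value produced the same digest
            return seen[d], msg, i + 1
        seen[d] = msg
    return None


def sign(message: bytes, hash_fn) -> bytes:
    """Hash-then-sign stand-in (assumption): the digest plays the signature."""
    return hash_fn(message)


def verify(message: bytes, signature: bytes, hash_fn) -> bool:
    """Constant-time comparison of the recomputed digest with the signature."""
    return hmac.compare_digest(hash_fn(message), signature)


def demo(bits: int = 32) -> dict:
    """Sign one message, then check whether its colliding twin also verifies."""
    h = lambda m: truncated_digest(m, bits)
    msg_a, msg_b, tries = find_collision(bits)
    sig_a = sign(msg_a, h)
    return {
        "bits": bits,
        "tries": tries,
        "expected_work_toy": expected_work(bits),
        "expected_work_sha256": expected_work(256),
        "messages_differ": msg_a != msg_b,
        # True: a signature over msg_a is accepted for msg_b as well.
        "forged_message_verifies": verify(msg_b, sig_a, h),
    }


if __name__ == "__main__":
    r = demo()
    print("toy hash bits:", r["bits"])
    print("hashes until collision:", r["tries"],
          "(birthday estimate ~", r["expected_work_toy"], ")")
    print("forged message verifies:", r["forged_message_verifies"])
    print("same search against full SHA-256 would need ~",
          r["expected_work_sha256"], "hashes")
```

The search never needs to "break" anything inside the hash; it only exploits a short output, which is why the cost is governed by the birthday bound. Real attacks on SHA-1 push the cost well below that bound by exploiting its internal structure, which is the reason its fingerprints can no longer be trusted for signatures, whereas a service that only uses the hash for non-signature purposes sees far less exposure, as Raevsky notes.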
Sources:
- ru.wikipedia.org