Google is encouraging businesses and security practitioners to utilize cryptographic hashes like SHA-256, a Secure Hash Algorithm which serves as the basis of the Bitcoin network’s proof of work (PoW) algorithm.
Over the past few years, cryptographers have warned businesses against the use of SHA-1, a hash algorithm which was quite popular until 2014. The Google development and technical team discovered the world’s first SHA-1 collision, which effectively breaks the algorithm for good. With the collision, cyber criminals will be able to insert malware into sites or platforms still utilizing SHA-1.
Most websites have already moved on from SHA-1 even before cryptographers began to warn the industry about the security issues of the algorithm. In fact, it will be difficult for attackers to find websites or platform that still rely on SHA-1 to protect their properties.
For Google, finding a SHA-1 collision was more of a statement to the industry that Google is one of the most dedicated and advanced security practitioners in the industry. Since the development of the collision required a significant amount of resources and talented minds, not many organizations were keen breaking an algorithm system which the industry has already moved on from.
The discovery of the collision which took Google nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total, 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase, is essentially a warning sign for the industry to practice efficient, secure and up to date encryption methods ultimately for the benefit of their users.
“Moving forward, it’s more urgent than ever for security practitioners to migrate to safer cryptographic hashes such as SHA-256 and SHA-3. Following Google’s vulnerability disclosure policy, we will wait 90 days before releasing code that allows anyone to create a pair of PDFs that hash to the same SHA-1 sum given two distinct images with some preconditions.”
Bitcoin businesses as role models of dedicated security practitioners
Over the past two years, security measures and systems of Bitcoin businesses have significantly improved, primarily due to the fear of businesses against community outrage.
When Bitcoin exchanges are compromised, they often lose tens of millions of dollars worth of Bitcoin and at the current rate of growth of the Bitcoin industry, even major Bitcoin exchange will not be able to refund stolen Bitcoin immediately to their users, as seen in the Bitfinex hack last year.
Companies like Coinbase and Blockchain have set industry standards for other businesses to follow when it comes to security. Coinbase hasn’t been compromised by an external attack so far and it is virtually not possible for Blockchain to experience theft of funds as their Bitcoin wallet platform is non-custodial.
Google encouraged businesses to adopt the Bitcoin network’s SHA-256 algorithm to empower security and encryption. While that quite different from the security protocols implemented by leading Bitcoin companies, it can be said that both the Bitcoin network and the industry are setting examples for the technology industry in general, spurring the demand and supply of non-backdoorable hardware and software.