Researchers at CWI and Google won the Pwnie Award for Best Cryptographic Attack 2017 for being the first to break the SHA-1 internet security standard in practice in February. They received the prize on 26 July, during the BlackHat USA security conference in Las Vegas. The team consisted of Marc Stevens (CWI), Elie Bursztein (Google), Pierre Karpman (CWI), Ange Albertini and Yarik Markov (Google). The prize is a recognition for the most impactful cryptographic attack against real-world systems, protocols or algorithms, and the winners are selected by security industry professionals. The nominated read: “The SHAttered attack team generated the first known collision for full SHA-1. (…) A practical collision like this, moves folks still relying on a deprecated protocol to action.”
The research team also won the CRYPTO 2017 Best Paper Award on 22 August, during the CRYPTO 2017 conference in Santa Barbara. Although SHA-1 is deprecated, it is still used for digital signatures and file integrity verification, securing credit card transactions, electronic documents, GIT open-source software repositories and software distribution. On 17 August, Stevens and Daniel Shumow (Microsoft Research) presented an improved real-time SHA-1 collision detection at the USENIX Security conference in Vancouver, which is now used by default in Git, GitHub, Gmail, Google Drive, and Microsoft OneDrive.
Marc Stevens at the CRYPTO 2017 Best Paper Award lecture.
The CRYPTO 2017 Best Paper Award winning team. Photos source: Marc Stevens.
More information: https://shattered.io.
