Researchers at CWI and Google have won the Pwnie Award for Best Cryptographic Attack. They were awarded the prize for being the first to break the SHA-1 internet security standard in practice.
The Pwnie Awards are awarded annually, in recognition of both excellence and failures in the field of information security. The categories range from ‘lifetime Achievement’ to ‘most epic fail’. Winners are selected by a committee of security industry professionals, and are presented with their awards at at the BlackHat USA security conference.
The Award for Best Cryptographic Attack gets awarded annually to the researchers who discovered the most impactful cryptographic attack against real-world systems, protocols, or algorithms. The awards offer a tongue-in-cheek alternative to scientific prizes. “This isn't some academic conference where we care about theoretical minutiae in obscure algorithms, this category requires actual pwnage”, reads the Pwnie Awards website.
Marc Stevens of CWI's Cryptology group was nominated alongside team members Elie Bursztein, Pierre Karpman, Ange Albertini and Yarik Markov, for being the first to break the SHA-1 internet security standard in practice. Their nominated read: “The SHAttered attack team generated the first known collision for full SHA-1. The team produced two PDF documents that were different that produced the same SHA-1 hash. The techniques used to do this led to an a 100k speed increase over the brute force attack that relies on the birthday paradox, making this attack practical by a reasonably well-funded adversary. A practical collision like this, moves folks still relying on a deprecated protocol to action.”
More information
CWI and Google announce first collision for Industry Security Standard SHA-1