[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SHA1 collisions proven possisble

Subject: SHA1 collisions proven possisble
From: valdis.kletnieks at vt.edu (valdis.kletnieks at vt.edu)
Date: Mon, 27 Feb 2017 08:39:34 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

On Mon, 27 Feb 2017 07:23:43 -0500, Jon Lewis said:
> On Sun, 26 Feb 2017, Keith Medcalf wrote:
>
> > So you would need 6000 years of computer time to compute the collision
> > on the SHA1 signature, and how much additional time to compute the
> > trapdoor (private) key, in order for the cert to be of any use?
>
> 1) Wasn't the 6000 years estimate from an article >10 years ago?
> Computers have gotten a bit faster.

No, Google's announcement last week said their POC took 6500 CPU-years
for the first phase and 110 GPU-accelerated for the second phase.

You are totally on target on your second point.  A million node botnet
reduces it to right around 60 hours.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20170227/d925df9e/attachment.pgp>

References:
- SHA1 collisions proven possisble
  - From: kmedcalf at dessus.com (Keith Medcalf)
- SHA1 collisions proven possisble
  - From: jlewis at lewis.org (Jon Lewis)

Prev by Date: SHA1 collisions proven possisble
Next by Date: SHA1 collisions proven possisble
Previous by thread: SHA1 collisions proven possisble
Next by thread: SHA1 collisions proven possisble
Index(es):
- Date
- Thread