[Cryptography] Google announces practical SHA-1 collision attack
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Feb 23 23:36:41 EST 2017
Michael Kjörling <michael at kjorling.se> writes:
> * Nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total
> * 6,500 years of CPU computation to complete the attack first phase
> * 110 years of GPU computation to complete the second phase
> Following Google’s vulnerability disclosure policy, we will wait 90
> days before releasing code that allows anyone to create a pair of
> PDFs that hash to the same SHA-1 sum given two distinct images with
> some pre-conditions.
I would also like to announce a collision for SHA-1. Unlike Google's one,
this one only takes about ten minutes on a fully functional quantum computer.
Following the same vulnerability disclosure policy, I will wait 90 days
before releasing code that allows anyone with their own fully functioning
quantum computer to create a pair of PDFs that hash to the same SHA-1 sum
given two distinct images with some pre-conditions.
Peter.
More information about the cryptography
mailing list