<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Feb 23, 2017 at 8:36 PM, Peter Gutmann <span dir="ltr"><<a href="mailto:pgut001@cs.auckland.ac.nz" target="_blank">pgut001@cs.auckland.ac.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Michael Kjörling <<a href="mailto:michael@kjorling.se">michael@kjorling.se</a>> writes:<br>
<br>
> * Nine quintillion (9,223,372,036,854,775,808) SHA1 computations<br></span></blockquote><div>.... </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
<br>
> Following Google’s vulnerability disclosure policy, we will wait 90<br></span></blockquote><div>..... </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I would also like to announce a collision for SHA-1. Unlike Google's one,<br>
this one only takes about ten minutes on a fully functional quantum computer.<span class="HOEnZb"><font color="#888888"><br></font></span></blockquote><div><br></div><div>This is rather interesting, I suspect it is tongue in cheek.<br>There are folk working on quantum computers<br>and they may get one working in a year, five years, twenty... never. <br>If they do then one machine could bust six an hour 7x24 x365.25...<br></div><div><br>The first nation with such a machine and intent to dominate others</div><div>would have quite an advantage.<br><br>It seems digital signature tech as used to update software for the likes <br>of Apple, Microsoft, Google and more need to think about what happens <br>in the first week of a ten minute attack breakthrough. <br>This also applies to IOT devices where the sheer numbers mater.<br><br>Those looking at designs intended to replace SHA-1 might ponder <br>the risk that the next choice fall faster and more completely than this<br>wake up call announcement. <br><br>An army of hacked IOT devices and clever software could reduce<br>attack times to less than ten min and then things get difficult to <br>tidy up.<br><br><br></div><div><br></div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>