SHA1 broken?

Dave Howe DaveHowe at gmx.co.uk
Sat Feb 19 16:23:31 EST 2005


Eugen Leitl wrote:
> On Sat, Feb 19, 2005 at 03:53:53PM +0000, Dave Howe wrote:
>>I wasn't aware that FPGA technology had improved that much if any - feel
>>free to correct my misapprehension in that area though :)
> FPGAs are too slow (and too expensive), if you want lots of SHA-1
> performance,
> use a crypto processor (or lots of forthcoming C5J mini-ITX boards), or an
> ASIC.
> Assuming, fast SHA-1 computation is the basis for the attack -- we do not
> know that.
   Indeed so. However, the argument "in 1998, a FPGA machine broke a DES
key in 72 hours, therefore TODAY..." assumes that (a) the problems are
comparable, and (b) that Moore's law has been applied to FPGAs as well as
CPUs.
   I am unaware of any massive improvement (certainly to the scale of
the comparable improvement in CPUs) in FPGAs, and the ones I looked at a
few days ago while researching this question seemed to have pretty
much the same spec sheet as the ones I looked at back then. However, I
am not a gate array techie, and most of my experience with them has been
small (two-three chip) devices at very long intervals, purely for my own
interest. It is possible there has been a quantum leap forward in FPGA
tech or some substitute tech that can perform massively parallel
calculations, on larger block sizes and hence more operations, at a
noticeably faster rate than the DES cracker could back then.
Schneier apparently believes there has been - but is simply applying
Moore's law to the machine from back then, and that may not be true
unless he knows something I don't (I assume he knows lots of things I
don't, but of course he may not have thought this one through :)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


