Fwd: Potential SHA 1 Hack Using Distributed Computing - Near Miss(es) May be Good Enough

Christian Rechberger christian.rechberger at TUGraz.at
Wed Aug 15 11:07:09 EDT 2007


Quoting Paul Hoffman <paul.hoffman at vpnc.org>:

> At 11:31 PM +0200 8/14/07, Christian Rechberger wrote:
>> The mentioned article is indeed confusing, the information in there  
>> took apparently several hops.
>
> Welcome to the world of public cryptography! :-) At least I haven't  
> seen anyone so far suggest that you will find pre-images.

Stay tuned, you never know ;-)
Something similar happened last year with our example for "meaningful
collisions" for SHA-1 reduced to 80% of its steps. We gave two
meaningful but different ASCII texts followed by some random chunk as  
an example of our new technique back then. Suddenly someone invented  
HTML as an example of another application that ended up on a newsticker.



>> To address your questions: Indeed, we have our own "path", but more  
>> importantly we developed a new method to speed up generation and
>> testing of candidate message pairs and apply it to SHA-1. The  
>> resulting work factor is still quite high, hence we ask for  
>> contributions via the BOINC framework.
>
> Is there any estimation of how high? Specifically, do you believe  
> there is a good chance of having less work effort than the current  
> Wang strategy?

Seriously, if we weren't convinced that the new method is more
efficient than anything else we know of and hence interesting enough  
to explore further, we wouldn't have started such a project. So yes,  
this is much faster than Wang's published method, and based on all we  
know also faster than what is estimated for Wang's latest unpublished  
methods.

Exact comparison is a complicated and delicate issue, and I have to  
put you off to our upcoming paper on that issue. Your contribution of
CPU cycles is of course very welcome.

>> More information on cryptanalytic details, type of collision, and  
>> resulting work factor will appear later this year.
>
> That's good to hear. It would also be interesting if you could keep  
> a running meter of approximately how much work you are getting from  
> the participants. This isn't nearly as "sexy" as finding ETs or even  
> protein folding...

We first plan to provide support for more platforms to increase the  
size of our potential user base, but next, some meaningful statistics  
are indeed on our todo-list.

-Christian
   (only sporadic access to mail this week)

---------------------------------------------------------------------
The Cryptography Mailing List