[Cryptography] GPU farm ideas: Break SHA-1?

David Leon Gil coruus at gmail.com
Thu Aug 21 16:20:01 EDT 2014


I don't think that they had good differentials for SHA-1; I think even
the useful MD5 differentials post-date that effort.

But it would be interesting to know what they did; that information
might reduce the work-factor for an attack...

(Btw, does anyone have an opinion on whether Stevens' differentials
are likely valid?)

On Thu, Aug 21, 2014 at 11:40 AM, Tom Ritter <tom at ritter.vg> wrote:
> There was a SHA-1 Collision Search on BOINC (which is a fantastic
> platform for this sort of thing) back in 2007... I thought they met
> the computation necessary, but it failed for some reason... does
> anyone here know more about that effort?
>
> https://boinc.berkeley.edu/wiki/SHA-1_Collision_Search_Graz
>
> -tom
>
> On 20 August 2014 23:56, David Leon Gil <coruus at gmail.com> wrote:
>> A suggestion:
>>
>> Carry out Marc Steven's attack and break SHA-1. The estimated complexity of
>> his attack is 2^62-ish. (A Fermi can do about 2^30 SHA-1 evals / s, and a
>> GK110 can do > 2^31 / second, IIRC.)
>>
>> His code and thesis is online at https://code.google.com/p/hashclash
>>
>> (If you're interested in this area, message me off-list with your GPU model,
>> and I'll dust off the GPGPU micro-optimizations I have for SHA-1; they can
>> gain a factor of 1.1x to 2x over, e.g., djb's NearSHA Cuda code, depending
>> on the GPU. Of course, you may well have better optimizations in-house given
>> what your company does.)
>>
>> -dlg
>>
>> _______________________________________________
>> The cryptography mailing list
>> cryptography at metzdowd.com
>> http://www.metzdowd.com/mailman/listinfo/cryptography


More information about the cryptography mailing list