[Cryptography] Google announces practical SHA-1 collision attack
Tom Mitchell
mitch at niftyegg.com
Sat Feb 25 17:47:30 EST 2017
On Thu, Feb 23, 2017 at 8:36 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:
> Michael Kjörling <michael at kjorling.se> writes:
>
> > * Nine quintillion (9,223,372,036,854,775,808) SHA1 computations
>
....
>
> > Following Google’s vulnerability disclosure policy, we will wait 90
>
.....
> I would also like to announce a collision for SHA-1. Unlike Google's one,
> this one only takes about ten minutes on a fully functional quantum
> computer.
>
This is rather interesting, I suspect it is tongue in cheek.
There are folk working on quantum computers
and they may get one working in a year, five years, twenty... never.
If they do then one machine could bust six an hour 7x24 x365.25...
The first nation with such a machine and intent to dominate others
would have quite an advantage.
It seems digital signature tech as used to update software for the likes
of Apple, Microsoft, Google and more need to think about what happens
in the first week of a ten minute attack breakthrough.
This also applies to IOT devices where the sheer numbers mater.
Those looking at designs intended to replace SHA-1 might ponder
the risk that the next choice fall faster and more completely than this
wake up call announcement.
An army of hacked IOT devices and clever software could reduce
attack times to less than ten min and then things get difficult to
tidy up.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170225/8577797d/attachment.html>
More information about the cryptography
mailing list