[Cryptography] Google announces practical SHA-1 collision attack
Phillip Hallam-Baker
phill at hallambaker.com
Wed Mar 1 12:53:53 EST 2017
We do not know the full attack yet. But I suggest that reading between the
lines in the release we will find that it involves finding a weak point
where the planets align and the SHA-1 internal state collapses to a small
work factor and then looking for an exploit for that weak point.
It is very likely that finding a second exploit for the same weak point
requires only the 110 GPU hours...
Another point to ponder is that while CPUs are not getting much faster year
on year, GPUs still follow Moore's law. I remember when cracking DES went
from Deep Crack and custom VLSI to a $30K machine to a standard GPU...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170301/531dff03/attachment.html>
More information about the cryptography
mailing list