[Cryptography] [FORGED] Re: Google announces practical SHA-1 collision attack

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Mar 1 17:55:39 EST 2017


Mark Steward <marksteward at gmail.com> writes:

>We do, it's all in the report and referenced papers.

As several people have pointed out, it's not in the report.  Or perhaps more
accurately there is disagreement between the authors of the report and the
people reading it as to what's in there.  From my multiple re-readings it
appears that the 6500 CPU-years is the one-off computation for a given
document and the 100 GPU years (100 GPU years, not 110 GPU hours) is for each
new collision with that document.

Another thing that the report is insufficiently clear about is that this isn't
about creating a collision with an existing document, it's about creating a
document from scratch that can be manipulated to have two different forms but
the same hash.  So it's more a badly-designed-repository-stress-tester than a
signature-forgery attack.

Peter.
     


More information about the cryptography mailing list