[Cryptography] Google announces practical SHA-1 collision attack
Peter Todd
pete at petertodd.org
Wed Mar 1 18:02:50 EST 2017
On Tue, Feb 28, 2017 at 09:18:36AM -0500, Theodore Ts'o wrote:
> If I'm not mistaken, those are the costs for the *second* phase of the
> attack (110 GPU years). However, you have to first carry out the
> *first* phase of the attack, which takes 6200 CPU years.
>
> Aside from throwing out numbers which are much scarier, which make for
> good headlines and scaring clients to score more consulting time, is
> there a reason why people are fixated on the 110 GPU year "second
> phase" number, and not the 6200 GPU years "first phase" number?
I personally read the announcement as 6200 CPU years *or* 110 GPU years, and
wrote some incorrect comments saying it was just 110 GPU years. I'm sure I'm
not alone in that misunderstanding.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170301/4d9ad5b0/attachment.sig>
More information about the cryptography
mailing list