[Cryptography] blake2b 160

jamesd at echeque.com
Sun Jan 6 19:03:16 EST 2019


On 06/01/2019 00:29, Jonathan Thornburg wrote:
> On Sat, Jan 05, 2019 at 10:16:40AM +0800, jamesd at echeque.com wrote:
>> Obviously a nation state can calculate 2^80 hashes easily enough, but in
>> order to find which two of them can collide would need to store and sort
>> 2^80 hashes, which looks to me to be far beyond the resources of any present
>> nation state, or the likely resources of any nation state in the reasonably
>> foreseeable future.
> 
> Would the following method provide a practical-for-the-NSA attack?
> 
> https://www.semanticscholar.org/paper/Parallel-hash-collision-search-by-Rho-method-with-Weber-Zhang/a953b65f6feb9dae15f5cb0d9458579836a1199e
> 
> Parallel hash collision search by Rho method with distinguished points
> 
>    Brian Weber, Xiaowen Zhang
>    Published 2018 in 2018 IEEE Long Island Systems, Applications and...


Looks like it, for the NSA.

Rough guess is that 160 bits would fail against custom, massively 
parallel hardware using this method, and 256 bits would succeed in 
resisting the attack.

But that is just my back of the envelope calculation resting on a wild 
assed guess.

Does anyone have any good justification that 256 bits is safe?
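
The distinguished-points collision search from the paper cited above, as an added example that is not part of the original post: it runs against BLAKE2b truncated to a toy 24 bits and stores only the trail endpoints, so the table stays far smaller than the number of hashes computed. The digest size, the distinguished-point mask and the `worker-N` seeds are assumptions chosen for illustration.

```python
import hashlib

N_BYTES = 3                     # toy 24-bit digest (assumption; the thread is about 160)
DP_MASK = 0x3F                  # distinguished point: low 6 bits of the last byte are zero
MAX_TRAIL = 20 * (DP_MASK + 1)  # give up on a trail that never reaches one

def f(x: bytes) -> bytes:
    """Truncated BLAKE2b as the iterated n-bit -> n-bit function."""
    return hashlib.blake2b(x, digest_size=N_BYTES).digest()

def trail(start: bytes):
    """Walk from start to the first distinguished point: (point, steps) or None."""
    x = start
    for steps in range(1, MAX_TRAIL + 1):
        x = f(x)
        if x[-1] & DP_MASK == 0:
            return x, steps
    return None

def locate(s1, n1, s2, n2):
    """Two trails ended at the same point: re-walk them to the merging step."""
    while n1 > n2:
        s1, n1 = f(s1), n1 - 1
    while n2 > n1:
        s2, n2 = f(s2), n2 - 1
    if s1 == s2:
        return None             # one start lay on the other trail, no collision
    while f(s1) != f(s2):
        s1, s2 = f(s1), f(s2)
    return s1, s2

def search():
    """Return (a, b, stored_points, trail_steps) with a != b and f(a) == f(b)."""
    table, steps_total, worker = {}, 0, 0
    while True:
        start = f(b"worker-%d" % worker)  # constructed seeds, one per simulated processor
        worker += 1
        result = trail(start)
        if result is None:
            steps_total += MAX_TRAIL
            continue
        point, steps = result
        steps_total += steps
        if point in table:
            hit = locate(start, steps, *table[point])
            if hit:
                return (*hit, len(table), steps_total)
        else:
            table[point] = (start, steps)
```

Calling `search()` returns the two colliding inputs together with the number of stored points and the number of hash steps, which makes the gap between computation and storage directly visible at this toy size.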


