[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SHA1 collision found
-----BEGIN PGP SIGNED MESSAGE-----
On 02/25/2017 04:29 PM, bbrewer wrote:
>> On Feb 23, 2017, at 10:18 PM, Marina Brown
>> <catskillmarina AT gmail.com> wrote:
>> What does it take to create 2 keys with the same SHA-1 sum ? My
>> limited imagination thinks it would take a long time or a huge
>> amount of processing power.
>> — Marina
> "Who is capable of mounting this attack? This attack required over
> 9,223,372,036,854,775,808 SHA1 computations. This took the
> equivalent processing power as 6,500 years of single-CPU
> computations and 110 years of single-GPU computations.”
> via https://shattered.io/
Or in other words, just 110 GPUs can find the same collision in a
year; 40,000 can do it in a day. When one's threat model includes
State and Corporate actors, that's not so good.
In the context of security as a spending contest, weighing the cost of
defending an asset vs. the cost of compromising the asset, SHA1 is not
broken except in a few cases involving very value assets and very
motivated attackers. But the security of SHA1 will continue to
decline over time as number crunching gets cheaper, and a tipping
point is coming.
I figure bits are cheap and so is the "authorized users" end of crypto
maths; bigger hashes (and keys) are harmless at worst and /may/ defeat
attacks one does not suspect an adversary has. So rolling in SHA-2
could be a "now" thing. Figuring out when to deprecate then EOL SHA-1
is the remaining open question.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----