nanog mailing list archives
Re: SHA1 collisions proven possisble
From: valdis.kletnieks () vt edu
Date: Mon, 27 Feb 2017 08:39:34 -0500
On Mon, 27 Feb 2017 07:23:43 -0500, Jon Lewis said:
On Sun, 26 Feb 2017, Keith Medcalf wrote:So you would need 6000 years of computer time to compute the collision on the SHA1 signature, and how much additional time to compute the trapdoor (private) key, in order for the cert to be of any use?1) Wasn't the 6000 years estimate from an article >10 years ago? Computers have gotten a bit faster.
No, Google's announcement last week said their POC took 6500 CPU-years for the first phase and 110 GPU-accelerated for the second phase. You are totally on target on your second point. A million node botnet reduces it to right around 60 hours.
Attachment:
_bin
Description:
Current thread:
- RE: SHA1 collisions proven possisble, (continued)
- RE: SHA1 collisions proven possisble David Edelman (Feb 23)
- Re: SHA1 collisions proven possisble Lyndon Nerenberg (Feb 23)
- Re: SHA1 collisions proven possisble Florian Weimer (Feb 24)
- Re: SHA1 collisions proven possisble Jimmy Hess (Feb 25)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 26)
- Re: SHA1 collisions proven possisble Nick Hilliard (Feb 26)
- Re: SHA1 collisions proven possisble Brett Frankenberger (Feb 26)
- Re: SHA1 collisions proven possisble Matt Palmer (Feb 26)
- RE: SHA1 collisions proven possisble Keith Medcalf (Feb 26)
- RE: SHA1 collisions proven possisble Jon Lewis (Feb 27)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 27)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 26)
- Re: SHA1 collisions proven possisble Eitan Adler (Feb 26)
- Re: SHA1 collisions proven possisble Randy Bush (Feb 27)
- Re: SHA1 collisions proven possisble Matt Palmer (Feb 26)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 27)
- Re: SHA1 collisions proven possisble Chris Adams (Feb 27)