SHA1 collisions proven possisble

Jon Lewis jlewis at
Mon Feb 27 12:23:43 UTC 2017

On Sun, 26 Feb 2017, Keith Medcalf wrote:

> So you would need 6000 years of computer time to compute the collision 
> on the SHA1 signature, and how much additional time to compute the 
> trapdoor (private) key, in order for the cert to be of any use?

1) Wasn't the 6000 years estimate from an article >10 years ago? 
Computers have gotten a bit faster.

2) I suspect the sort of person interested in doing this, unburdened by 
ethics, would have no issues using a large botnet to speed up the process. 
How long does it take if you have a million PCs working on the problem?

  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ for PGP public key_________

More information about the NANOG mailing list