SHA1 collisions proven possisble
Jon Lewis
jlewis at lewis.org
Mon Feb 27 12:23:43 UTC 2017
On Sun, 26 Feb 2017, Keith Medcalf wrote:
> So you would need 6000 years of computer time to compute the collision
> on the SHA1 signature, and how much additional time to compute the
> trapdoor (private) key, in order for the cert to be of any use?
1) Wasn't the 6000 years estimate from an article >10 years ago?
Computers have gotten a bit faster.
2) I suspect the sort of person interested in doing this, unburdened by
ethics, would have no issues using a large botnet to speed up the process.
How long does it take if you have a million PCs working on the problem?
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
| therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the NANOG
mailing list