SHA1 collisions proven possisble

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Mon Feb 27 13:39:34 UTC 2017


On Mon, 27 Feb 2017 07:23:43 -0500, Jon Lewis said:
> On Sun, 26 Feb 2017, Keith Medcalf wrote:
>
> > So you would need 6000 years of computer time to compute the collision
> > on the SHA1 signature, and how much additional time to compute the
> > trapdoor (private) key, in order for the cert to be of any use?
>
> 1) Wasn't the 6000 years estimate from an article >10 years ago?
> Computers have gotten a bit faster.

No, Google's announcement last week said their POC took 6500 CPU-years
for the first phase and 110 GPU-accelerated for the second phase.

You are totally on target on your second point.  A million node botnet
reduces it to right around 60 hours.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20170227/d925df9e/attachment.sig>


More information about the NANOG mailing list