------ Forwarded Message From: Rodney Joffe <[EMAIL PROTECTED]> Date: Wed, 16 Feb 2005 07:36:36 -0700 To: Dave Farber <[EMAIL PROTECTED]> Subject: SHA-1 cracked?
For IP
Hi Dave,
Bruce Schneier is reporting in his blog that SHA-1 appears to have been broken by a Chinese group, and that is has collisions "in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.".
This could have non-trivial implications for many current commercial operations.
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
A work factor of 2^69 is still a serious amount of work. At a thousand million trials a second, that's still well over 17 years. I doubt you can get anything like that speed without _serious_ expenditure. For reference, a middling PC can do around 200k single block SHA-1's a second. So, multiply that by 5 million to get it down to 17 years, assuming all you have to do is hash.
Of course, we don't have the details yet, but this is not the sky falling on our heads (yet).
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
