> Differential Path for SHA-1 with complexity O(2**52) > Cameron McDonald, Philip Hawkes, and Josef Pieprzyk > Macquarie University > > http://eprint.iacr.org/2009/259.pdf
I wonder now with this new improved differential path if any distributed computations may be forming to finally create a SHA-1 collision? (I have a small side bet resting on the outcome...) I checked http://boinc.iaik.tugraz.at/ this morning, a distributed SHA-1 collision search whichhad been going on since 2007 based on a method with an estimated cost of 2^60+. However I see that the project page announces that the effort has been suspended as of May 12, 2009 "due to lack of progress". I wonder if the suspension may also be related to this new method, reports of which had begun to leak out by that time. 2^52 work should lower the bar substantially, although it would still be a major task for a single organization. It would be great if the authors of the improved path could be the ones to announce a collision, but it sounds like they are more theoretically than practically oriented: "We believe that practical collisions are now within reach of a dedicated system. We are continuing our search for more differential paths with a maximum number of auxiliary paths." (Rather than, "we are abandoning our search for more differential paths and working to try to find a real collision using this one." ;) Hal Finney --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com