Actually, the final challenge was solved in 23 hours, about 1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding the key after only 24% of the keyspace had been searched.
More recently, RC5-64 was solved about a year ago. It took d.net 4 *years*. 2^69 remains non-trivial. Peter -----Original Message----- From: [EMAIL PROTECTED] on behalf of Dave Howe Sent: Thu 2/17/2005 5:49 AM To: Cypherpunks; Cryptography Subject: Re: SHA1 broken? Joseph Ashwood wrote: > I believe you are incorrect in this statement. It is a matter of public > record that RSA Security's DES Challenge II was broken in 72 hours by > $250,000 worth of semi-custom machine, for the sake of solidity let's > assume they used 2^55 work to break it. Now moving to a completely > custom design, bumping up the cost to $500,000, and moving forward 7 > years, delivers ~2^70 work in 72 hours (give or take a couple orders of > magnitude). This puts the 2^69 work well within the realm of realizable > breaks, assuming your attackers are smallish businesses, and if your > attackers are large businesses with substantial resources the break can > be assumed in minutes if not seconds. > > 2^69 is completely breakable. > Joe Its fine assuming that moore's law will hold forever, but without that you can't really extrapolate a future tech curve. with *todays* technology, you would have to spend an appreciable fraction of the national budget to get a one-per-year "break", not that anything that has been hashed with sha-1 can be considered breakable (but that would allow you to (for example) forge a digital signature given an example) This of course assumes that the "break" doesn't match the criteria from the previous breaks by the same team - ie, that you *can* create a collision, but you have little or no control over the plaintext for the colliding elements - there is no way to know as the paper hasn't been published yet.