While I agree with Phil, there's one thing here which perhaps could use some clarification:

> of physics and information theory for believing that not only is it
> computationally infeasible now for us to mount any kind of realistic
> attack upon SHA512, but it will forever remain computationally
> infeasible.

My only caveat there is this applies to brute force.

Roughly speaking, you can imagine a hash function as being sort of like a jet engine. Stuff gets ingested, then sliced up and compressed and mixed up and totally mangled, and at the end you've got something coming out of the contraption.

In a jet engine, if your compressor goes out the engine fails. In a Merkle-Damgard hash function (such as SHA-512), if the compression stage has flaws the entire hash function is prone to failure. This is how we knew back in 1997 that MD5 was on thin ice: although we didn't know how to make MD5 fail, we knew how to make the compression stage fail, and that was enough to say "please stop using MD5, failure is imminent."

What Phil is saying -- and what I've said -- is true for brute-force attacks. It's simply not going to happen. Ever. Breaking SHA-512 by brute force requires a lot of energy -- more energy than a quasar puts out over its entire lifespan, more energy than you'd find in a galactic core explosion, an amount of energy so vast that just having that much energy available would do horrific things to the structure of space-time -- we're talking distortions like those found at the surface of a neutron star. If you think I am kidding, no, I am not. When Phil said it would require a Kardashev-3 civilization, he may have been understating things.

However, if someone is able to find a flaw in SHA-512's compression function then all bets are off. No one has so far been able to. Nor have there yet been any promising avenues of research in this direction.

(For the record, every hash algorithm in OpenPGP is a Merkle-Damgard. There are some excellent hash functions that aren't Merkle-Damgards, though! My favorite non-Merkle-Damgard is Whirlpool, which is basically AES turned into a hash function.)


_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
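The post's point that a Merkle-Damgard hash is only as strong as its compression stage can be seen directly in code. The block below is an added example, not code from the post or from any OpenPGP implementation, and it is not SHA-512 or Whirlpool: it is a toy Merkle-Damgard construction with a constructed 16-bit chaining value, a constructed compression function and a constructed IV, all chosen so that a collision in the compression stage can be found in well under a second. The final function shows why that single-stage collision is enough to collide the whole hash for any message suffix, which is the structural reason the post gives for treating MD5 as broken once its compression function fell.

```python
"""Toy Merkle-Damgard hash (constructed example, not SHA-512).

Structure is the real one: pad the message with MD strengthening, then
iterate a compression function over fixed-size blocks, chaining the
state from block to block.  Everything inside compress() is a stand-in
for "a compression function with a flaw"; it is kept tiny on purpose.
"""

BLOCK_SIZE = 16                      # bytes per block (constructed)
STATE_BITS = 16                      # deliberately tiny chaining value
STATE_MASK = (1 << STATE_BITS) - 1
IV = 0x5A5A                          # constructed initial value


def compress(state: int, block: bytes) -> int:
    """Map (chaining state, one block) -> next chaining state.

    Toy mixing only: xor a byte in, multiply by an odd constant, rotate.
    The trailing xor with the incoming state is the feed-forward used
    by Davies-Meyer style designs.
    """
    assert len(block) == BLOCK_SIZE
    h = state
    for b in block:
        h = ((h ^ b) * 0x9E37) & STATE_MASK
        h = ((h << 5) | (h >> (STATE_BITS - 5))) & STATE_MASK
    return h ^ state


def pad(message: bytes) -> bytes:
    """MD strengthening: 0x80, zero fill, then the 64-bit big-endian bit length."""
    bit_len = len(message) * 8
    padded = message + b"\x80"
    while (len(padded) + 8) % BLOCK_SIZE != 0:
        padded += b"\x00"
    return padded + bit_len.to_bytes(8, "big")


def md_hash(message: bytes) -> int:
    """The Merkle-Damgard iteration: state flows through every block in order."""
    state = IV
    padded = pad(message)
    for offset in range(0, len(padded), BLOCK_SIZE):
        state = compress(state, padded[offset:offset + BLOCK_SIZE])
    return state


def find_compression_collision(state: int = IV):
    """Birthday search for two distinct blocks that compress to the same state.

    With a 16-bit state this needs a few hundred trials; it plays the role
    of "someone found a flaw in the compression stage".
    """
    seen = {}
    counter = 0
    while True:
        block = counter.to_bytes(BLOCK_SIZE, "big")
        out = compress(state, block)
        if out in seen and seen[out] != block:
            return seen[out], block
        seen[out] = block
        counter += 1


def collision_propagates(suffix: bytes) -> bool:
    """Once the first blocks collide, every later block sees the same chaining
    state, so any common suffix yields a full-hash collision.  This is why a
    compression-stage failure is a failure of the whole hash function."""
    b1, b2 = find_compression_collision()
    return b1 != b2 and md_hash(b1 + suffix) == md_hash(b2 + suffix)


if __name__ == "__main__":
    b1, b2 = find_compression_collision()
    print("compression collision:", b1.hex(), b2.hex())
    print("whole-hash collision with suffix:", collision_propagates(b"same tail"))
```

The only thing that makes this toy breakable is the width and weakness of `compress()`; the padding and chaining around it are the same shape as in SHA-512. Swap in a sound compression function with a 512-bit state and the birthday search becomes the brute-force effort the post describes; leave a flaw in the compression stage and the chaining faithfully carries that flaw through to every message.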