![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: SHA1 collisions proven possisble
From: Nick Hilliard <nick () foobar org>
Date: Sun, 26 Feb 2017 23:15:58 +0000
Patrick W. Gilmore wrote:
I repeat something I've said a couple times in this thread: If I can somehow create two docs with the same hash, and somehow con someone into using one of them, chances are there are bigger problems than a SHA1 hash collision.
This collision turns a theoretical aspiration into a simple matter of financials, and those financials will only reduce over time. The incident needs to be taken in the context of how md5, rc4 and other hash functions were relentlessly battered to death over time. After the first collisions are found in a hash function, exploits only improve, so NIST's advice in 2004 to retire all SHA1 usage by 2010 was sound.
From a practical point of view, the danger that this presents is
hypothetical for most people right now. It's just not worth spending 6000 years of CPU time in order to steal €1000 from someone's bank. But by the same token, there are plenty of people in the world who would be happy to invest this sort of computing power if the target were valuable enough. Nick
Current thread:
- Re: SHA1 collisions proven possisble, (continued)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 23)
- Re: SHA1 collisions proven possisble Vincent Bernat (Feb 24)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 24)
- Re: SHA1 collisions proven possisble Ricky Beam (Feb 23)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 23)
- RE: SHA1 collisions proven possisble David Edelman (Feb 23)
- Re: SHA1 collisions proven possisble Lyndon Nerenberg (Feb 23)
- Re: SHA1 collisions proven possisble Florian Weimer (Feb 24)
- Re: SHA1 collisions proven possisble Jimmy Hess (Feb 25)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 26)
- Re: SHA1 collisions proven possisble Nick Hilliard (Feb 26)
- Re: SHA1 collisions proven possisble Brett Frankenberger (Feb 26)
- Re: SHA1 collisions proven possisble Matt Palmer (Feb 26)
- RE: SHA1 collisions proven possisble Keith Medcalf (Feb 26)
- RE: SHA1 collisions proven possisble Jon Lewis (Feb 27)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 27)
- Re: SHA1 collisions proven possisble Patrick W. Gilmore (Feb 26)
- Re: SHA1 collisions proven possisble Eitan Adler (Feb 26)
- Re: SHA1 collisions proven possisble Randy Bush (Feb 27)
- Re: SHA1 collisions proven possisble Matt Palmer (Feb 26)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Feb 27)