nanog mailing list archives

Re: SHA1 collisions proven possisble

From: James DeVincentis via NANOG <nanog () nanog org>
Date: Wed, 1 Mar 2017 18:38:25 -0600

Keep in mind botnets that large are comprised largely of IoT devices which have very little processing power compared 
to the massive multi-core, high frequency, high memory bandwidth (this is especially important for cryptographic 
operations) CPUs in data centers. It doesn’t take much processing power to launch DDoS attacks so that’s why IoT is 
perfect for botnets. Those botnets which have desktop grade systems are also comprised of typically older machines that 
go unpatched and do not have high end server CPUs or GPUs. A botnet is also not going to get you the high end GPUs you 
need for phase 2. Generally the people with hardcore GPUs are gamers and workstation users that push those GPUs. 
They're going to notice the GPUs being utilized abnormally. 

On top of that, the calculations they did were for a stupidly simple document modification in a type of document where 
hiding extraneous data is easy. This will get exponentially computationally more expensive the more data you want to 
mask. It took nine quintillion computations in order to mask a background color change in a PDF.

And again, the main counter-point is being missed. Both the good and bad documents have to be brute forced which 
largely defeats the purpose. Tthose numbers of computing hours are a brute force. It may be a simplified brute force, 
but still a brute force. 

The hype being generated is causing management at many places to cry exactly what Google wanted, “Wolf! Wolf!”.

On Mar 1, 2017, at 6:22 PM, valdis.kletnieks () vt edu wrote:

On Wed, 01 Mar 2017 15:28:23 -0600, "james.d--- via NANOG" said:

Those statistics are nowhere near real world for ROI. You'd have to invest
at least 7 figures (USD) in resources. So the return must be millions of
dollars before anyone can detect the attack. Except, it's already
detectable.


*Somebody* has to invest 7 figures in resources.  Doesn't have to be you.

Remember that if you have access to a 1M node botnet, you could have 56,940,000
hours of CPU time racked racked up in... under 60 hours.

Current thread:

Re: SHA1 collisions proven possisble James DeVincentis via NANOG (Mar 01)
- Re: SHA1 collisions proven possisble Matt Palmer (Mar 01)
  - RE: SHA1 collisions proven possisble james.d--- via NANOG (Mar 01)
    - Re: SHA1 collisions proven possisble valdis . kletnieks (Mar 01)
    - Re: SHA1 collisions proven possisble James DeVincentis via NANOG (Mar 01)
    - Re: SHA1 collisions proven possisble Nick Hilliard (Mar 01)
    - Re: SHA1 collisions proven possisble Matt Palmer (Mar 01)
    - Re: SHA1 collisions proven possisble James DeVincentis via NANOG (Mar 01)
    - Re: SHA1 collisions proven possisble Royce Williams (Mar 01)
    - Re: SHA1 collisions proven possisble Jimmy Hess (Mar 02)
    - Re: SHA1 collisions proven possisble valdis . kletnieks (Mar 02)
    - Re: SHA1 collisions proven possisble James DeVincentis via NANOG (Mar 01)
    - Re: SHA1 collisions proven possisble Peter Kristolaitis (Mar 01)