nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SHA1 collisions proven possisble

From: valdis.kletnieks () vt edu
Date: Mon, 27 Feb 2017 08:39:34 -0500
On Mon, 27 Feb 2017 07:23:43 -0500, Jon Lewis said:

On Sun, 26 Feb 2017, Keith Medcalf wrote:


So you would need 6000 years of computer time to compute the collision
on the SHA1 signature, and how much additional time to compute the
trapdoor (private) key, in order for the cert to be of any use?


1) Wasn't the 6000 years estimate from an article >10 years ago?
Computers have gotten a bit faster.


No, Google's announcement last week said their POC took 6500 CPU-years
for the first phase and 110 GPU-accelerated for the second phase.

You are totally on target on your second point.  A million node botnet
reduces it to right around 60 hours.

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: