[cabfpub] Posted on behalf of customer

Erwann Abalea Erwann.Abalea at docusign.com
Fri Dec 16 15:25:13 UTC 2016

Dr Stevens has more up to date cost estimates: https://sites.google.com/site/itstheshappening/

"Concretely, we estimate the SHA-1 collision cost today (i.e., Fall 2015) between 75K$ and 120K$ renting Amazon EC2 cloud computing over a few months."

Erwann Abalea

Le 16 déc. 2016 à 15:22, Gervase Markham via Public <public at cabforum.org<mailto:public at cabforum.org>> a écrit :

On 13/12/16 21:40, Ryan Sleevi via Public wrote:
I understand the desire to remove SHA-1 before it has actually shown
true weakness.

https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html :

"The cost of the attack will be approximately:

   2^13 * 28.4 = 221.4 ~ $2.77M in 2012

   2^11 * 28.4 = 219.4 ~ $700K by 2015

   2^9 * 28.4 = 217.4 ~ $173K by 2018

   2^7 * 28.4 = 215.4 ~ $43K by 2021

A collision attack is therefore well within the range of what an
organized crime syndicate can practically budget by 2018, and a
university research project by 2021.

Since this argument only takes into account commodity hardware and not
instruction set improvements (e.g., ARM 8 specifies a SHA-1
instruction), other commodity computing devices with even greater
processing power (e.g., GPUs), and custom hardware, the need to
transition from SHA-1 for collision resistance functions is probably
more urgent than this back-of-the-envelope analysis suggests."

If I were going to calculate a SHA-1 collision, the certificate of a
machine handling tens or hundreds of thousands of credit cards a day
would be a reasonably obvious target, ISTM.

Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161216/29b41e8a/attachment-0003.html>

More information about the Public mailing list