[cabfpub] Posted on behalf of customer
Erwann Abalea
Erwann.Abalea at docusign.com
Fri Dec 16 15:25:13 UTC 2016
Dr Stevens has more up to date cost estimates: https://sites.google.com/site/itstheshappening/
"Concretely, we estimate the SHA-1 collision cost today (i.e., Fall 2015) between 75K$ and 120K$ renting Amazon EC2 cloud computing over a few months."
Cordialement,
Erwann Abalea
Le 16 déc. 2016 à 15:22, Gervase Markham via Public <public at cabforum.org<mailto:public at cabforum.org>> a écrit :
On 13/12/16 21:40, Ryan Sleevi via Public wrote:
I understand the desire to remove SHA-1 before it has actually shown
true weakness.
https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html :
"The cost of the attack will be approximately:
2^13 * 28.4 = 221.4 ~ $2.77M in 2012
2^11 * 28.4 = 219.4 ~ $700K by 2015
2^9 * 28.4 = 217.4 ~ $173K by 2018
2^7 * 28.4 = 215.4 ~ $43K by 2021
A collision attack is therefore well within the range of what an
organized crime syndicate can practically budget by 2018, and a
university research project by 2021.
Since this argument only takes into account commodity hardware and not
instruction set improvements (e.g., ARM 8 specifies a SHA-1
instruction), other commodity computing devices with even greater
processing power (e.g., GPUs), and custom hardware, the need to
transition from SHA-1 for collision resistance functions is probably
more urgent than this back-of-the-envelope analysis suggests."
If I were going to calculate a SHA-1 collision, the certificate of a
machine handling tens or hundreds of thousands of credit cards a day
would be a reasonably obvious target, ISTM.
Gerv
_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20161216/29b41e8a/attachment-0003.html>
More information about the Public
mailing list