[cabfpub] Posted on behalf of customer
pzb at amzn.com
Fri Dec 16 15:31:33 UTC 2016
And that is a year old. Last month, we announced new faster GPU options for customers. So that cost probably is even lower today.
> On Dec 16, 2016, at 7:25 AM, Erwann Abalea via Public <public at cabforum.org> wrote:
> Dr Stevens has more up to date cost estimates: https://sites.google.com/site/itstheshappening/ <https://sites.google.com/site/itstheshappening/>
> "Concretely, we estimate the SHA-1 collision cost today (i.e., Fall 2015) between 75K$ and 120K$ renting Amazon EC2 cloud computing over a few months."
> Erwann Abalea
>> Le 16 déc. 2016 à 15:22, Gervase Markham via Public <public at cabforum.org <mailto:public at cabforum.org>> a écrit :
>> On 13/12/16 21:40, Ryan Sleevi via Public wrote:
>>> I understand the desire to remove SHA-1 before it has actually shown
>>> true weakness.
>> https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html <https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html> :
>> "The cost of the attack will be approximately:
>> 2^13 * 28.4 = 221.4 ~ $2.77M in 2012
>> 2^11 * 28.4 = 219.4 ~ $700K by 2015
>> 2^9 * 28.4 = 217.4 ~ $173K by 2018
>> 2^7 * 28.4 = 215.4 ~ $43K by 2021
>> A collision attack is therefore well within the range of what an
>> organized crime syndicate can practically budget by 2018, and a
>> university research project by 2021.
>> Since this argument only takes into account commodity hardware and not
>> instruction set improvements (e.g., ARM 8 specifies a SHA-1
>> instruction), other commodity computing devices with even greater
>> processing power (e.g., GPUs), and custom hardware, the need to
>> transition from SHA-1 for collision resistance functions is probably
>> more urgent than this back-of-the-envelope analysis suggests."
>> If I were going to calculate a SHA-1 collision, the certificate of a
>> machine handling tens or hundreds of thousands of credit cards a day
>> would be a reasonably obvious target, ISTM.
>> Public mailing list
>> Public at cabforum.org <mailto:Public at cabforum.org>
> Public mailing list
> Public at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public