‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, December 30, 2020 6:04 AM, grarpamp <grarpamp@gmail.com> wrote:
https://eprint.iacr.org/2020/014 SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust ... We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of 261.2 rather than 264.7, and chosen-prefix collisions with a complexity of 263.4 rather than 267.1. When renting cheap GPUs, this translates to a cost of 11k US\$ for a collision, and 45k US\$ for a chosen-prefix collision, within the means of academic researchers. Our actual attack required two months of computations using 900 Nvidia GTX 1060 GPUs (we paid 75k US\$ because GPU prices were higher, and we wasted some time preparing the attack). Therefore, the same attacks that have been practical on MD5 since 2009 are now practical on SHA-1. In particular, chosen-prefix collisions can break signature schemes and handshake security in secure channel protocols (TLS, SSH).
someone could warm some GPUs and really make a mess of commits to public repos. (yes, git uses SHA1 :) see also https://github.com/bk2204/git/blob/transition-stage-4/Documentation/technica... best regards,