$10M breaks MD5 in 24 days

[Perry E. Metzger]

Hal says:
> The Secure Hash Standard (SHS, aka SHA) is, they said, 64K times slower,
> hence this technique would take 64K times longer (or cost ~64K times
> more?) to break that hash.

Well, I suppose this demonstrates that the NSA knew what they were
doing when they set the SHA's length to 160 bits. Let it never be said
that they aren't right on top of everything...

Perry