SHA1 broken?

Joseph Ashwood ashwood at
Wed Feb 16 21:06:44 PST 2005

----- Original Message ----- 
From: "James A. Donald" <jamesd at>
Subject: Re: SHA1 broken?

> 2^69 is damn near unbreakable.

I believe you are incorrect in this statement. It is a matter of public 
record that RSA Security's DES Challenge II was broken in 72 hours by 
$250,000 worth of semi-custom machine, for the sake of solidity let's assume 
they used 2^55 work to break it. Now moving to a completely custom design, 
bumping up the cost to $500,000, and moving forward 7 years, delivers ~2^70 
work in 72 hours (give or take a couple orders of magnitude). This puts the 
2^69 work well within the realm of realizable breaks, assuming your 
attackers are smallish businesses, and if your attackers are large 
businesses with substantial resources the break can be assumed in minutes if 
not seconds.

2^69 is completely breakable.

More information about the cypherpunks-legacy mailing list