SHA1 broken?

Dave Howe DaveHowe at
Thu Feb 17 02:49:29 PST 2005

Joseph Ashwood wrote:
  > I believe you are incorrect in this statement. It is a matter of public
> record that RSA Security's DES Challenge II was broken in 72 hours by 
> $250,000 worth of semi-custom machine, for the sake of solidity let's 
> assume they used 2^55 work to break it. Now moving to a completely 
> custom design, bumping up the cost to $500,000, and moving forward 7 
> years, delivers ~2^70 work in 72 hours (give or take a couple orders of 
> magnitude). This puts the 2^69 work well within the realm of realizable 
> breaks, assuming your attackers are smallish businesses, and if your 
> attackers are large businesses with substantial resources the break can 
> be assumed in minutes if not seconds.
> 2^69 is completely breakable.
>                Joe
   Its fine assuming that moore's law will hold forever, but without 
that you can't really extrapolate a future tech curve. with *todays* 
technology, you would have to spend an appreciable fraction of the 
national budget to get a one-per-year "break", not that anything that 
has been hashed with sha-1 can be considered breakable (but that would 
allow you to (for example) forge a digital signature given an example)
   This of course assumes that the "break" doesn't match the criteria 
from the previous breaks by the same team - ie, that you *can* create a 
collision, but you have little or no control over the plaintext for the 
colliding elements - there is no way to know as the paper hasn't been 
published yet.

More information about the cypherpunks-legacy mailing list