SHA1 collision found

Steve Kinney admin at pilobilus.net
Sat Feb 25 14:06:40 PST 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 02/25/2017 04:29 PM, bbrewer wrote:
> 
>> On Feb 23, 2017, at 10:18 PM, Marina Brown 
>> <catskillmarina at gmail.com> wrote:
>> 
>> 
>> What does it take to create 2 keys with the same SHA-1 sum ? My 
>> limited imagination thinks it would take a long time or a huge 
>> amount of processing power.
>> 
>> — Marina
> 
> "Who is capable of mounting this attack? This attack required over 
> 9,223,372,036,854,775,808 SHA1 computations. This took the 
> equivalent processing power as 6,500 years of single-CPU 
> computations and 110 years of single-GPU computations."
> 
> via https://shattered.io/

Or in other words, just 110 GPUs can find the same collision in a
year; 40,000 can do it in a day.  When one's threat model includes
State and Corporate actors, that's not so good.

In the context of security as a spending contest, weighing the cost of
defending an asset vs. the cost of compromising the asset, SHA1 is not
broken except in a few cases involving very valuable assets and very
motivated attackers.  But the security of SHA1 will continue to
decline over time as number crunching gets cheaper, and a tipping
point is coming.

I figure bits are cheap and so is the "authorized users" end of crypto
maths; bigger hashes (and keys) are harmless at worst and /may/ defeat
attacks one does not suspect an adversary has.  So rolling in SHA-2
could be a "now" thing.  Figuring out when to deprecate then EOL SHA-1
is the remaining open question.

:o)




