Hacks: Smashing SHA-1 to Shambles for less than 1BTC
coderman
coderman at protonmail.com
Wed Dec 30 08:07:26 PST 2020
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, December 30, 2020 6:04 AM, grarpamp <grarpamp at gmail.com> wrote:
> https://eprint.iacr.org/2020/014
> SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and
> Application to the PGP Web of Trust
> ... We managed to significantly reduce the
> complexity of collisions attack against SHA-1: on an Nvidia GTX 970,
> identical-prefix collisions can now be computed with a complexity of
> 261.2 rather than 264.7, and chosen-prefix collisions with a
> complexity of 263.4 rather than 267.1. When renting cheap GPUs, this
> translates to a cost of 11k US\$ for a collision, and 45k US\$ for a
> chosen-prefix collision, within the means of academic researchers. Our
> actual attack required two months of computations using 900 Nvidia GTX
> 1060 GPUs (we paid 75k US\$ because GPU prices were higher, and we
> wasted some time preparing the attack).
> Therefore, the same attacks that have been practical on MD5 since 2009
> are now practical on SHA-1. In particular, chosen-prefix collisions
> can break signature schemes and handshake security in secure channel
> protocols (TLS, SSH).
someone could warm some GPUs and really make a mess of commits to public repos. (yes, git uses SHA1 :)
see also https://github.com/bk2204/git/blob/transition-stage-4/Documentation/technical/hash-function-transition.txt
best regards,
More information about the cypherpunks
mailing list