[144407] in cryptography@c2.net mail archive


Re: [tahoe-dev] SHA-1 broken!

daemon@ATHENA.MIT.EDU (Sandy Harris)
Sun May 3 13:48:25 2009

In-Reply-To: <8763gkxgwl.fsf@snark.cb.piermont.com>
Date: Sun, 3 May 2009 19:59:31 +0800
From: Sandy Harris <sandyinchina@gmail.com>
To: Cryptography <cryptography@metzdowd.com>

On Sat, May 2, 2009 at 12:33 PM, Perry E. Metzger <perry@piermont.com> wrote:

> As just one obvious example of a realistic threat, consider that there
> are CAs that will happily sell you certificates that use SHA-1.
>
> Various clever forgery attacks have been used against certs that use
> MD5, see:
>
> http://www.win.tue.nl/hashclash/rogue-ca/
>
> Those attacks can now be extended to SHA-1 pretty easily. It might
> require a bit of compute infrastructure -- say a lot of FPGAs and a
> bunch of cleverness -- to turn out certs quickly, but it can be
> done. Given that there are lots of high value certs out there of this
> form, this is rather dangerous.

Off-the-shelf FPGA-based device that breaks DES by brute force in
about a week, costs 9,000 euros: http://www.copacobana.org/

These are commercially available and programmable. Setting a
few of them up to break SHA-1 certainly would not be trivial,
but it looks feasible.

-- 
Sandy Harris,
Quanzhou, Fujian, China

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
