[193846] in North American Network Operators' Group
RE: SHA1 collisions proven possisble
daemon@ATHENA.MIT.EDU (Jon Lewis)
Mon Feb 27 07:25:13 2017
X-Original-To: nanog@nanog.org
Date: Mon, 27 Feb 2017 07:23:43 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
To: Keith Medcalf <kmedcalf@dessus.com>
In-Reply-To: <4d232756f7c9734ba4df14c96d94beaf@mail.dessus.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, 26 Feb 2017, Keith Medcalf wrote:
> So you would need 6000 years of computer time to compute the collision
> on the SHA1 signature, and how much additional time to compute the
> trapdoor (private) key, in order for the cert to be of any use?
1) Wasn't the 6000 years estimate from an article >10 years ago?
Computers have gotten a bit faster.
2) I suspect the sort of person interested in doing this, unburdened by
ethics, would have no issues using a large botnet to speed up the process.
How long does it take if you have a million PCs working on the problem?
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
| therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
