[193877] in North American Network Operators' Group


Re: SHA1 collisions proven possible

daemon@ATHENA.MIT.EDU (James DeVincentis via NANOG)
Wed Mar 1 19:38:31 2017

X-Original-To: nanog@nanog.org
Date: Wed, 1 Mar 2017 18:38:25 -0600
To: nanog@nanog.org
In-Reply-To: <43912.1488414147@turing-police.cc.vt.edu>
From: James DeVincentis via NANOG <nanog@nanog.org>
Reply-To: James DeVincentis <james.d@hexhost.net>
Errors-To: nanog-bounces@nanog.org

Keep in mind botnets that large are comprised largely of IoT devices
which have very little processing power compared to the massive
multi-core, high frequency, high memory bandwidth (this is especially
important for cryptographic operations) CPUs in data centers. It
doesn’t take much processing power to launch DDoS attacks so
that’s why IoT is perfect for botnets. Those botnets which have
desktop grade systems are also comprised of typically older machines
that go unpatched and do not have high end server CPUs or GPUs. A botnet
is also not going to get you the high end GPUs you need for phase 2.
Generally the people with hardcore GPUs are gamers and workstation users
that push those GPUs. They're going to notice the GPUs being utilized
abnormally.

On top of that, the calculations they did were for a stupidly simple
document modification in a type of document where hiding extraneous data
is easy. This will get exponentially computationally more expensive the
more data you want to mask. It took nine quintillion computations in
order to mask a background color change in a PDF.

And again, the main counter-point is being missed. Both the good and bad
documents have to be brute forced which largely defeats the purpose.
Those numbers of computing hours are a brute force. It may be a
simplified brute force, but still a brute force.

The hype being generated is causing management at many places to cry
exactly what Google wanted, “Wolf! Wolf!”.

> On Mar 1, 2017, at 6:22 PM, valdis.kletnieks@vt.edu wrote:
>
> On Wed, 01 Mar 2017 15:28:23 -0600, "james.d--- via NANOG" said:
>
>> Those statistics are nowhere near real world for ROI. You'd have to invest
>> at least 7 figures (USD) in resources. So the return must be millions of
>> dollars before anyone can detect the attack. Except, it's already
>> detectable.
>
> *Somebody* has to invest 7 figures in resources.  Doesn't have to be you.
>
> Remember that if you have access to a 1M node botnet, you could have 56,940,000
> hours of CPU time racked up in... under 60 hours.
>

