On Sat, May 2, 2009 at 12:33 PM, Perry E. Metzger <pe...@piermont.com> wrote:
> As just one obvious example of a realistic threat, consider that there
> are CAs that will happily sell you certificates that use SHA-1.
>
> Various clever forgery attacks have been used against certs that use
> MD5, see:
>
> http://www.win.tue.nl/hashclash/rogue-ca/
>
> Those attacks can now be extended to SHA-1 pretty easily. It might
> require a bit of compute infrastructure -- say a lot of FPGAs and a
> bunch of cleverness -- to turn out certs quickly, but it can be
> done. Given that there are lots of high value certs out there of this
> form, this is rather dangerous.

Off-the-shelf FPGA-based device that breaks DES by brute force
in about a week, costs 9,000 euros:

http://www.copacobana.org/

These are commercially available and programmable. Setting a few
of them up to break SHA-1 certainly would not be trivial, but it
looks feasible.

--
Sandy Harris,
Quanzhou, Fujian, China