‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, December 30, 2020 6:04 AM, grarpamp <[email protected]> wrote:
> https://eprint.iacr.org/2020/014 > SHA-1 is a Shambles - First Chosen-Prefix Collision on SHA-1 and > Application to the PGP Web of Trust > ... We managed to significantly reduce the > complexity of collisions attack against SHA-1: on an Nvidia GTX 970, > identical-prefix collisions can now be computed with a complexity of > 261.2 rather than 264.7, and chosen-prefix collisions with a > complexity of 263.4 rather than 267.1. When renting cheap GPUs, this > translates to a cost of 11k US\$ for a collision, and 45k US\$ for a > chosen-prefix collision, within the means of academic researchers. Our > actual attack required two months of computations using 900 Nvidia GTX > 1060 GPUs (we paid 75k US\$ because GPU prices were higher, and we > wasted some time preparing the attack). > Therefore, the same attacks that have been practical on MD5 since 2009 > are now practical on SHA-1. In particular, chosen-prefix collisions > can break signature schemes and handshake security in secure channel > protocols (TLS, SSH). someone could warm some GPUs and really make a mess of commits to public repos. (yes, git uses SHA1 :) see also https://github.com/bk2204/git/blob/transition-stage-4/Documentation/technical/hash-function-transition.txt best regards,
