Thank you Marc...
1/ I've said that it is needed to let people choose their digest algorithm...
a) of course the Fossil team does not take into account what I've said.
b) I was wondering in the past when would it be possible to the lambda guy to 
break the sha1.Finally it is worse than what I've expected...
c) I like this sentence :"especially in light of previous
>SHA-1 related discussions on list"
the discussion is not over, it is the beginning ... :D

2/ When I reply to ALL I've got these TWO e-mail ...Which one is the correct 
one...?
 
 
Best Regards

K.

      De : Kees Nuyt <[email protected]>
 À : [email protected] 
 Envoyé le : Jeudi 23 février 2017 18h15
 Objet : Re: [fossil-users] Google Security Blog: Announcing the first SHA1 
collision


  
[Default] On Thu, 23 Feb 2017 09:50:12 -0800, Marc Simpson
<[email protected]> wrote:

>This may be of interest to some here, especially in light of previous
>SHA-1 related discussions on list:
>
>  https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Interesting.

https://shattered.io/ says:
<citation>

Who is capable of mounting this attack?

This attack required over 9,223,372,036,854,775,808 SHA1
computations. This took the equivalent processing power as 6,500
years of single-CPU computations and 110 years of single-GPU
computations.

How does this attack compare to the brute force one?

The SHAttered attack is 100,000 faster than the brute force
attack that relies on the birthday paradox. The brute force
attack would require 12,000,000 GPU years to complete, and it is
therefore impractical. 
</citation>

-- 
Regards,
Kees Nuyt

_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users


   
_______________________________________________
fossil-users mailing list
[email protected]
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Reply via email to