On Tue, 30 Dec 2008 16:29:11 PST, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" said:
> First, you need 5 CAs that use MD5 hashes. How many do that? You got that backwards. They found five, only need one. > Is this attack effective against SHA-1? How much longer would it take? http://www.win.tue.nl/hashclash/rogue-ca/ Read 5.3.4 for MD5: The total complexity of the collision construction can be estimated at 251.x MD5 compression function calls, when 30 GB of memory is available. And the FAQ for SHA-1: Status of the theory: at the Rump Session of Crypto 2007 they estimated the complexity of their attack for collisions with identical initial IHVs to be 2^61 calls to the compression function. For chosen-prefix collisions they estimated in 2006 a complexity of just below the birthday bound of 280. Improvements on the latter result are probably possible, but nobody has looked into this. So... an order of 2^10 harder.
pgpPqf3Tbg10t.pgp
Description: PGP signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
