On Tue, 30 Dec 2008 20:27:07 EST, [email protected] said: > > Is this attack effective against SHA-1? How much longer would it take? > > http://www.win.tue.nl/hashclash/rogue-ca/ > > Read 5.3.4 for MD5: > The total complexity of the collision construction can be estimated at 2^51.x MD5 compression function calls, when 30 GB of memory is available. > > And the FAQ for SHA-1: > Status of the theory: at the Rump Session of Crypto 2007 they estimated the > complexity of their attack for collisions with identical initial IHVs to be > 2^61 calls to the compression function. For chosen-prefix collisions they > estimated in 2006 a complexity of just below the birthday bound of 280. > Improvements on the latter result are probably possible, but nobody has looke d > into this. > > So... an order of 2^10 harder.
Damn apples and oranges. 2^51 for chosen-prefix MD5, 2^61 for SHA-1 collide, 2^80 for chosen-prefix SHA1. Do the rest of the math yourself, I'm obviously temporarily incompetent. ;)
pgpEUi2Iyz1lQ.pgp
Description: PGP signature
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
