On Wed, Dec 5, 2012 at 11:19 AM, Sebastian Schuberth
<sschube...@gmail.com> wrote:
> to say it in advance: I do not want to trigger any bogus security discussion
> here. Instead, I believe the findings from [1] allow for an up to 20% faster
> SHA1 calculation, if my brief reading of the presentation is correct. Any
> opinions on integration this optimization into Git?
> [1] https://hashcat.net/p12/js-sha1exp_169.pdf

Pretty cool find.  Although it's not actual cryptographic weakness, it does
show some gaps in designers thinking - as there are simple optimizations
available to crackers but not users.

It does seem unusable for real implementation - the 20% win
is available only after the data is processed properly once.
Then after changing the data a little, you can calculate next
hash faster.

There still small possibility that there is way to optimize W calculation
for the first run, but it does seem really hard, and even impossible
while trying to keep the cache usage small.

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to