On Sun, 26 Feb 2017, Keith Medcalf wrote:
So you would need 6000 years of computer time to compute the collision
on the SHA1 signature, and how much additional time to compute the
trapdoor (private) key, in order for the cert to be of any use?
1) Wasn't the 6000 years estimate from an article >10 years ago?
Computers have gotten a bit faster.
2) I suspect the sort of person interested in doing this, unburdened by
ethics, would have no issues using a large botnet to speed up the process.
How long does it take if you have a million PCs working on the problem?
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
| therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
