I don't disagree with the analysis or the conclusion.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Fri, Oct 5, 2012 at 3:07 PM, Crawford, Scott <[email protected]> wrote:

> Feed: Schneier on Security
> Posted on: Friday, October 05, 2012 1:25 PM
> Author: schneier
> Subject: When Will We See Collisions for SHA-1?
>
> On a NIST-sponsored hash function mailing list
> <http://csrc.nist.gov/groups/ST/hash/email_list.html>, Jesse Walker (from
> Intel; also a member of the Skein <http://www.schneier.com/skein.html>
> team) did some back-of-the-envelope calculations to estimate how long it
> will be before we see a practical collision attack against SHA-1. I'm
> reprinting his analysis here, so it reaches a broader audience.
>
> According to E-BASH <http://bench.cr.yp.to/ebash.html>, the cost of one
> block of a SHA-1 operation on already deployed commodity microprocessors is
> about 2^14 cycles. If Stevens' attack
> <http://2012.sharcs.org/slides/stevens.pdf> of 2^60 SHA-1 operations serves
> as the baseline, then finding a collision costs about
> 2^14 * 2^60 ~ 2^74 cycles.
>
> A core today provides about 2^31 cycles/sec; the state of the art is
> 8 = 2^3 cores per processor for a total of 2^3 * 2^31 = 2^34 cycles/sec.
> A server typically has 4 processors, increasing the total to
> 2^2 * 2^34 = 2^36 cycles/sec. Since there are about 2^25 sec/year, this
> means one server delivers about 2^25 * 2^36 = 2^61 cycles per year, which
> we can call a "server year."
>
> There is ample evidence that Moore's law will continue through the mid
> 2020s. Hence the number of doublings in processor power we can expect
> between now and 2021 is:
>
>   3/1.5 = 2 times by 2015 (3 = 2015 - 2012)
>   6/1.5 = 4 times by 2018 (6 = 2018 - 2012)
>   9/1.5 = 6 times by 2021 (9 = 2021 - 2012)
>
> So a commodity server year should be about:
>
>   2^61 cycles/year in 2012
>   2^2 * 2^61 = 2^63 cycles/year by 2015
>   2^4 * 2^61 = 2^65 cycles/year by 2018
>   2^6 * 2^61 = 2^67 cycles/year by 2021
>
> Therefore, on commodity hardware, Stevens' attack should cost
> approximately:
>
>   2^74 / 2^61 = 2^13 server years in 2012
>   2^74 / 2^63 = 2^11 server years by 2015
>   2^74 / 2^65 = 2^9 server years by 2018
>   2^74 / 2^67 = 2^7 server years by 2021
>
> Today Amazon rents compute time on commodity servers for about
> $0.04 / hour ~ $350 /year. Assume compute rental fees remain fixed while
> server capacity keeps pace with Moore's law. Then, since log2(350) ~ 8.4
> the cost of the attack will be approximately:
>
>   2^13 * 2^8.4 = 2^21.4 ~ $2.77M in 2012
>   2^11 * 2^8.4 = 2^19.4 ~ $700K by 2015
>   2^9 * 2^8.4 = 2^17.4 ~ $173K by 2018
>   2^7 * 2^8.4 = 2^15.4 ~ $43K by 2021
>
> A collision attack is therefore well within the range of what an organized
> crime syndicate can practically budget by 2018, and a university research
> project by 2021.
>
> Since this argument only takes into account commodity hardware and not
> instruction set improvements (e.g., ARM 8 specifies a SHA-1 instruction),
> other commodity computing devices with even greater processing power (e.g.,
> GPUs), and custom hardware, the need to transition from SHA-1 for collision
> resistance functions is probably more urgent than this back-of-the-envelope
> analysis suggests.
>
> Any increase in the number of cores per CPU, or the number of CPUs per
> server, also affects these calculations. Also, any improvements in
> cryptanalysis will further reduce the complexity of this attack.
>
> The point is that we in the community need to start the migration away
> from SHA-1 and to SHA-2/SHA-3 now.
>
> View article...
> <http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
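The estimate in the quoted analysis as a small parameterised model, added here as an example (it is not part of the thread or of the quoted post). The constants are the post's own figures, kept as log2 values with its rounding of log2(350) to 8.4; the function names, the `extra_speedup` knob and the 2^58 variant in the usage note are hypothetical, there only to show how the post's closing caveats (more cores, better cryptanalysis) shift the dates.

```python
# Added example: all work is done in the log2 domain, as in the quoted post.
CYCLES_PER_SHA1_BLOCK = 14        # 2^14 cycles per SHA-1 block (E-BASH)
ATTACK_SHA1_OPS = 60              # 2^60 SHA-1 operations (Stevens' attack)
SERVER_CYCLES_PER_YEAR_2012 = 61  # 2^61 cycles = one 2012 "server year"
LOG2_USD_PER_SERVER_YEAR = 8.4    # log2(350) ~ 8.4, rounded as in the post
DOUBLING_PERIOD_YEARS = 1.5       # Moore's law assumption from the post
BASE_YEAR = 2012


def log2_server_years(year, attack_ops=ATTACK_SHA1_OPS, extra_speedup=0.0):
    """Return log2 of the server years the attack needs in `year`.

    attack_ops    -- log2 of SHA-1 operations the attack requires
    extra_speedup -- hypothetical extra log2 throughput per server
                     (more cores, SHA instructions, GPUs)
    """
    doublings = (year - BASE_YEAR) / DOUBLING_PERIOD_YEARS
    total_cycles = CYCLES_PER_SHA1_BLOCK + attack_ops
    capacity = SERVER_CYCLES_PER_YEAR_2012 + doublings + extra_speedup
    return total_cycles - capacity


def attack_cost_usd(year, **params):
    """Rental cost in dollars, assuming a fixed price per server year."""
    return 2 ** (log2_server_years(year, **params) + LOG2_USD_PER_SERVER_YEAR)


def first_year_under(budget_usd, **params):
    """First calendar year in which the estimate is at or below the budget."""
    if budget_usd <= 0:
        raise ValueError("budget must be positive")
    year = BASE_YEAR
    while attack_cost_usd(year, **params) > budget_usd:
        year += 1
    return year


if __name__ == "__main__":
    for y in (2012, 2015, 2018, 2021):
        print(y, f"2^{log2_server_years(y):g} server years",
              f"${attack_cost_usd(y):,.0f}")
    print("under $100K:", first_year_under(100_000))
```

Calling `first_year_under(100_000, attack_ops=58)` shows the effect of a hypothetical 2^2 cryptanalytic improvement: the same budget is reached three years earlier.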
