
To out-pedant you: even assuming that the differential collision attacks we know about are incorrect [1], we absolutely know how to break SHA-1 given enough compute, that is, roughly the same resources needed to break RSA-1024. The answer is generic collision finding with parallel rho [2].

[1] https://marc-stevens.nl/research/papers/EC13-S.pdf
[2] http://people.scs.carleton.ca/~paulv/papers/JoC97.pdf
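An added illustration of the generic collision search named in the comment above (not code from the thread or the linked papers): a distinguished-point form of parallel rho, run against SHA-1 truncated to 32 bits so it finishes in about a second. The truncation width, the distinguished-point rule and the start-point derivation are constructed toy parameters; each trail is the unit of work one processor would do independently before reporting to the shared table.

```python
import hashlib

NBYTES = 4            # assumption: SHA-1 truncated to 32 bits for a toy target
MAX_TRAIL = 20 * 256  # abandon trails stuck in a cycle with no distinguished point

def f(x: bytes) -> bytes:
    """Step function: truncated SHA-1 mapping NBYTES -> NBYTES."""
    return hashlib.sha1(x).digest()[:NBYTES]

def is_dp(x: bytes) -> bool:
    """Distinguished point: last byte zero (about 1 in 256 values)."""
    return x[-1] == 0

def trail(start: bytes):
    """Walk from start until a distinguished point; return (dp, steps)."""
    x = start
    for n in range(1, MAX_TRAIL + 1):
        x = f(x)
        if is_dp(x):
            return x, n
    return None

def locate(s1, n1, s2, n2):
    """Two trails end at the same dp: find the inputs where they merge."""
    if n1 < n2:
        s1, n1, s2, n2 = s2, n2, s1, n1
    for _ in range(n1 - n2):      # align so both have n2 steps left
        s1 = f(s1)
    if s1 == s2:                  # one start lies on the other trail
        return None
    while True:
        a, b = f(s1), f(s2)
        if a == b:
            return s1, s2         # distinct inputs, same truncated digest
        s1, s2 = a, b

def find_collision(max_trails: int = 100_000):
    table = {}                    # shared store: dp -> (start, steps)
    for i in range(max_trails):   # each iteration = one worker's trail
        start = hashlib.sha1(b"start-%d" % i).digest()[:NBYTES]
        t = trail(start)
        if t is None:
            continue
        dp, n = t
        if dp in table:
            hit = locate(start, n, *table[dp])
            if hit:
                return hit
        table[dp] = (start, n)
    return None

if __name__ == "__main__":
    m1, m2 = find_collision()
    print(m1.hex(), m2.hex(), f(m1).hex())
```

Work grows as roughly the square root of the output space, which is why the same search against the full 160-bit digest is a question of compute rather than of new cryptanalysis.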



You haven't so much out-pedanted me as refuted me. :)


I added links to both papers to the bottom, and removed the "we'll probably need to upgrade" to SHA-3 sentence fragment.


It seems that the identical prefix collision would be good to investigate doing an ASIC on.



