[98201] in cryptography@c2.net mail archive


Re: Re: Re: Fwd: Potential SHA 1 Hack Using Distributed

daemon@ATHENA.MIT.EDU (Christian Rechberger)
Wed Aug 15 16:08:38 2007

Date: Wed, 15 Aug 2007 17:07:09 +0200
From: Christian Rechberger <christian.rechberger@TUGraz.at>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: Cryptography <cryptography@metzdowd.com>
In-Reply-To:  <p0624080fc2e7dfea7817@[165.227.249.213]>

Quoting Paul Hoffman <paul.hoffman@vpnc.org>:

> At 11:31 PM +0200 8/14/07, Christian Rechberger wrote:
>> The mentioned article is indeed confusing, the information in there
>> took apparently several hops.
>
> Welcome to the world of public cryptography! :-) At least I haven't
> seen anyone so far suggest that you will find pre-images.

Stay tuned, you never know ;-)
Something similar happened last year with our example for "meaningful
collisions" for SHA-1 reduced to 80% of its steps. We gave two
meaningful but different ASCII texts followed by some random chunk as
an example of our new technique back then. Suddenly someone invented
HTML as an example of another application that ended up on a newsticker.



>> To address your questions: Indeed, we have our own "path", but more
>> importantly we developed a new method to speed-up generation and
>> testing of candidate message pairs and apply it to SHA-1. The
>> resulting work factor is still quite high, hence we ask for
>> contributions via the BOINC framework.
>
> Is there any estimation of how high? Specifically, do you believe
> there is a good chance of having less work effort than the current
> Wang strategy?

Seriously, if we weren't convinced that the new method is more
efficient than anything else we know of and hence interesting enough
to explore further, we wouldn't have started such a project. So yes,
this is much faster than Wang's published method, and based on all we
know also faster than what is estimated for Wang's latest unpublished
methods.

Exact comparison is a complicated and delicate issue, and I have to
put you off to our upcoming paper on that issue. Your contribution of
CPU cycles is of course very welcome.

>> More information on cryptanalytic details, type of collision, and
>> resulting work factor will appear later this year.
>
> That's good to hear. It would also be interesting if you could keep
> a running meter of approximately how much work you are getting from
> the participants. This isn't nearly as "sexy" as finding ETs or even
> protein folding...

We first plan to provide support for more platforms to increase the
size of our potential user base, but next, some meaningful statistics
are indeed on our todo-list.

-Christian
   (only sporadic access to mail this week)
