[hashcash] Hashcash and the cracking of SHA1

• From: "David Fuelling" <sappenin@xxxxxxxxx>
• To: <hashcash@xxxxxxxxxxxxx>
• Date: Sun, 28 Jan 2007 13:14:48 -0500

Hey List,

Sorry if this has been covered in the last two years, but I just want to be
sure I've got my facts straight.

So, sometime in 2005, the SHA1 algorithm was cracked by a Chinese
mathematician.  Bruce Schneier blogs about it here:

http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

In a nutshell: "Collisions in the the full SHA-1 in 2**69 hash operations,
much less than the brute-force attack of 2**80 operations based on the hash
length."

I'm wondering if this has any implications on Hashcash.  From my way of
thinking, if the supposed "crack" still takes 2^69 operations (instead of
the typical 2^80 via brute force), that's still going to be a lot *longer*
than computing a partial hash collision that might take seconds or minutes
(as is the case in Hashcash).

I guess I'm just wanting to be sure that Hashcash isn't somehow vulnerable
in its current form.  I don't think it is, but figured I'd ping the list
just to be sure.

Thanks!

David

• Follow-Ups:
  • [hashcash] Re: Hashcash and the cracking of SHA1
    • From: Atom Smasher

Other related posts:

• » [hashcash] Hashcash and the cracking of SHA1
• » [hashcash] Re: Hashcash and the cracking of SHA1
• » [hashcash] Re: Hashcash and the cracking of SHA1

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription