[hashcash] Re: Hashcash and the cracking of SHA1

  • From: Atom Smasher <atom@xxxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Sun, 28 Jan 2007 18:53:29 -0500 (EST)

On Sun, 28 Jan 2007, David Fuelling wrote:

In a nutshell: "Collisions in the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length."
========================

2^69 is a significant reduction in work from 2^80, but still non-trivial. to put it in perspective, MD5 was designed to require 2^64 operations to find a collision (accounting for the birthday paradox). so even partly broken, SHA-1 is still stronger than MD5 was ever meant to be.

regarding the evolution of hashcash, if i understand it correctly (it's been a while since i've read the full documentation), the first part of a stamp (currently a 0 or 1 before the first colon) is used for version number. versions zero and one only use SHA-1, and as things change a future version of hashcash can use a different hash.

for now, though, SHA-1 is more than adequate for this use. when SHA-1 is *really* broken, the bigger impact will be on the pgp infrastructure that relies exclusively on SHA-1 for key fingerprints.


--
        ...atom

 ________________________
 http://atom.smasher.org/
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "A people that values its privileges above its principles
         soon loses both."
                -- Dwight D. Eisenhower
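The version field discussed in the message above is what lets a verifier pick the hash algorithm per stamp. The following is an added example, not the hashcash project's own code: it parses a v1-style stamp (`ver:bits:date:resource:ext:rand:counter`), checks the leading zero bits of the SHA-1 digest, and mints a small stamp so it runs offline. The mapping of a hypothetical version "2" to SHA-256, the decimal counter and the fixed date/rand values are constructed assumptions for illustration.

```python
import hashlib
import itertools

# Version -> hash constructor. Versions 0 and 1 really are SHA-1; version "2"
# mapped to SHA-256 is a constructed placeholder showing how the version field
# would let a future hashcash switch hash functions without changing the format.
HASHES = {"0": hashlib.sha1, "1": hashlib.sha1, "2": hashlib.sha256}


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest (the hashcash 'partial collision')."""
    n = 0
    for byte in digest:
        if byte == 0:
            n += 8
            continue
        n += 8 - byte.bit_length()
        break
    return n


def parse_stamp(stamp: str) -> dict:
    """Split a stamp 'ver:bits:date:resource:ext:rand:counter' into fields."""
    fields = stamp.split(":")
    if len(fields) != 7:
        raise ValueError("expected 7 colon-separated fields")
    ver, bits, date, resource, ext, rand, counter = fields
    if ver not in HASHES:
        raise ValueError(f"unsupported hashcash version {ver!r}")
    return {"ver": ver, "bits": int(bits), "date": date, "resource": resource,
            "ext": ext, "rand": rand, "counter": counter}


def verify_stamp(stamp: str, resource: str, min_bits: int) -> bool:
    """Accept only if version is known, resource matches, and the digest of the
    whole stamp string has at least the claimed (and required) leading zero bits."""
    try:
        s = parse_stamp(stamp)
    except ValueError:
        return False
    if s["resource"] != resource or s["bits"] < min_bits:
        return False
    digest = HASHES[s["ver"]](stamp.encode("ascii")).digest()
    return leading_zero_bits(digest) >= s["bits"]


def mint_stamp(resource: str, bits: int, ver: str = "1",
               date: str = "070128", rand: str = "constructed") -> str:
    """Brute-force a decimal counter until the digest has `bits` leading zeros."""
    prefix = f"{ver}:{bits}:{date}:{resource}::{rand}:"
    for counter in itertools.count():
        stamp = prefix + str(counter)
        if leading_zero_bits(HASHES[ver](stamp.encode("ascii")).digest()) >= bits:
            return stamp
```

Minting cost doubles with each extra bit, while verification is a single hash regardless of the version's algorithm.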


