SHA-1 break - in perspective

Atom Smasher atom at smasher.org
Wed Feb 16 21:56:25 CET 2005

```-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

this should help put the (alleged until proven otherwise) SHA-1 break into
perspective. thanks to Sascha Kiefer for giving me the idea.

let's say that unbroken SHA-1 represents a 100 meter (328 ft) wall. if a
break allows a collision to be found in merely 2^69 operations (on
average), that would mean the wall has crumbled to 4.9 cm (1.9 in) tall.
that's broken!!

OTOH, let's say that unbroken MD5 represents a 100 meter (328 ft) wall.
comparing unbroken MD5 to broken SHA-1 means the wall would actually grow
from 100 meters (328 ft) tall to 3.2 km (1.99 miles) tall. SHA-1, even if
it's broken enough to find a collision in 2^69 operations (on average), is
still stronger than MD5 was ever meant to be.

again, using unbroken MD5 as our reference of a 100 meter (328 ft) wall,
unbroken SHA-1 would be a wall 6553.6 km (4072 miles) tall. SHA-1 was
intended to be incredibly stronger than MD5.

- --
...atom

_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------

"IDEA's key length is 128 bits - over twice as long as DES.
Assuming that a brute force attack is the most efficient,
it would require 2^128 (10^38) encryptions to recover the
key. Design a chip that can test a billion keys per
second an throw a billion of the them at the problem,
and it will still take 10^13 years - that's longer than
the age of the universe. An array of 10^24 such chips can
find the key in a day, but there aren't enough silicon
atoms in the universe to build such a machine. Now we're
getting somewhere - although I'd keep my eye on the dark
matter debate."
-- Bruce Schneier, Applied Cryptography

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?

iQEcBAEBCAAGBQJCE7N+AAoJEAx/d+cTpVciBIMH/2XFTi0DMGuhXrwCEvmXvxIN
of+aZbdO/vJgDWVR5u7amHOEKf0EBtzhgUxgpFbrGybx26JCx1zL40BfxXxZb6LH
AxJhHvCqtZ/XSqQIXBU0fMT9/sicWV/f8sHvlOWCWGCKRdmus0tMSODW9T8vdWaT
jrTXvOqnFx2fUKsZiyjwPQQYw9kln7m/MRpon6SiPxmjZFoUWlap/c1OnqjVwpUR
xKwczYBZmQdozR24G/pWfVCkbleYcvkPHu/EcV22x9UEiUyHseBxRVgoV0NAV9Ln
tzdbBeMPBTUyuCVFlZGXqdMA1+cevpxSt4WsJt8yX+h2VtSzwq2YMqFsA9xeVpg=
=I/9u
-----END PGP SIGNATURE-----

```