Questions about generating keys (hash firewalls)

Oskar L. oskar at
Sat Aug 25 00:21:51 CEST 2007

Robert J. Hansen wrote:
> Doing a birthday attack is highly nontrivial.  E.g., to do a birthday
> attack on SHA256 requires a minimum, a _minimum_, of over 10**17 joules
> to be liberated as heat.  That's about as much as you'd get from an
> entire full-out strategic nuclear exchange between the US and Russia.
> You're talking global climate change at that point, along with potential
> mass extinction of humanity.  It's not pretty.

I only meant to point out that a birthday attack would have a much better
chance of finding a collision than a second preimage attack. I'm sorry if
I made it sound trivial, I know it's not. I just tried to give an example
of how it works that would be easy to understand.

I'm pretty sure the process is called a birthday attack, weather it's
successful or not, and no matter how few hashes you use. So even if you
only compare the hash values of "a", "b" and "c" in hope of finding a
collision, it's still a birthday attack.


More information about the Gnupg-users mailing list