* SHA-1 chosen-prefix colission attack
@ 2020-01-07 17:31 Kevin Daudt
2020-01-07 20:31 ` Santiago Torres Arias
0 siblings, 1 reply; 3+ messages in thread
From: Kevin Daudt @ 2020-01-07 17:31 UTC (permalink / raw)
To: git
Researchers published new advances in creating collisions in SHA-1
hashes: https://sha-mbles.github.io/
> As a side result, this shows that it now costs less than 100k USD to
> break cryptography with a security level of 64 bits (i.e. to compute
> 264 operations of symmetric cryptography).
Kevin
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: SHA-1 chosen-prefix colission attack
2020-01-07 17:31 SHA-1 chosen-prefix colission attack Kevin Daudt
@ 2020-01-07 20:31 ` Santiago Torres Arias
2020-01-08 7:30 ` Jeff King
0 siblings, 1 reply; 3+ messages in thread
From: Santiago Torres Arias @ 2020-01-07 20:31 UTC (permalink / raw)
To: Kevin Daudt, git
[-- Attachment #1: Type: text/plain, Size: 425 bytes --]
> > As a side result, this shows that it now costs less than 100k USD to
> > break cryptography with a security level of 64 bits (i.e. to compute
> > 264 operations of symmetric cryptography).
Just to clarify:
As a stopgap measure, the collision-detection library of Stevens and Shumow [SS17]
can be used to detect attack attempts (it successfully detects our attack).
At the end of section 7.0,
Cheers
-Santiago
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: SHA-1 chosen-prefix colission attack
2020-01-07 20:31 ` Santiago Torres Arias
@ 2020-01-08 7:30 ` Jeff King
0 siblings, 0 replies; 3+ messages in thread
From: Jeff King @ 2020-01-08 7:30 UTC (permalink / raw)
To: Santiago Torres Arias; +Cc: Kevin Daudt, git
On Tue, Jan 07, 2020 at 03:31:48PM -0500, Santiago Torres Arias wrote:
> > > As a side result, this shows that it now costs less than 100k USD to
> > > break cryptography with a security level of 64 bits (i.e. to compute
> > > 264 operations of symmetric cryptography).
>
> Just to clarify:
>
> As a stopgap measure, the collision-detection library of Stevens and Shumow [SS17]
> can be used to detect attack attempts (it successfully detects our attack).
>
> At the end of section 7.0,
And if anyone is curious, you can test your build of Git against their
sample files by running:
$ t/helper/test-tool sha1 <messageA
fatal: SHA-1 appears to be part of a collision attack: 8ac60ba76f1999a1ab70223f225aefdc78d4ddc0
Unfortunately you can't test with actual Git objects, because their
chosen-prefixes don't have object headers. They do estimate that a
classical collision is down to ~11k USD to compute, so maybe we'll see
one eventually. :)
-Peff
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-01-08 7:30 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-07 17:31 SHA-1 chosen-prefix colission attack Kevin Daudt
2020-01-07 20:31 ` Santiago Torres Arias
2020-01-08 7:30 ` Jeff King
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).