Archives
Archives
| From: | R0b0t1 <r030t1@×××××.com> | ||
|---|---|---|---|
| To: | "gentoo-user@l.g.o" <gentoo-user@l.g.o> | ||
| Subject: | Re: [gentoo-user] SHA-1 has just been broken | ||
| Date: | Sun, 26 Feb 2017 03:35:11 | ||
| Message-Id: | CAAD4mYiurZZy=4GUYpsMZK6nTNYedwoxRrHXuUyZM7cU4vwgOg@mail.gmail.com | ||
| In Reply to: | [gentoo-user] SHA-1 has just been broken by Miroslav Rovis |
||
| 1 | On Saturday, February 25, 2017, Miroslav Rovis <miro.rovis@××××××××××××××.hr> |
| 2 | wrote: |
| 3 | > |
| 4 | https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html |
| 5 | > |
| 6 | > -- |
| 7 | > Miroslav Rovis |
| 8 | > Zagreb, Croatia |
| 9 | > http://www.CroatiaFidelis.hr |
| 10 | > |
| 11 | |
| 12 | Very interesting. The first useful SHA-1 collision was, if I remember, done |
| 13 | in 2015, and subverted an HTTPS certificate (though not one which had been |
| 14 | issued). This was some guys with a couple of servers lined with graphics |
| 15 | cards. |
| 16 | |
| 17 | Seeing someone manage to do it in a garage a number of years before it was |
| 18 | cosidered feasible should, hopefully, make you have more conservative |
| 19 | estimates of the strength of modern cryptography. |
| 20 | |
| 21 | Aside: |
| 22 | http://ecrypt-eu.blogspot.com/2015/11/break-dozen-secret-keys-get-million.html |
| 23 | |
| 24 | R0b0t1. |
| Subject | Author |
|---|---|
| Re: [gentoo-user] SHA-1 has just been broken | Miroslav Rovis <miro.rovis@××××××××××××××.hr> |