1 |
On Sat, 25 Feb 2017 22:12:10 +0100 Miroslav Rovis wrote: |
2 |
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html |
3 |
> |
4 |
> ( you know I hate the Schmoog, and didn't take their cookies, and so |
5 |
> they didn't show me their page in my Palemoon --working great here!, an |
6 |
> Angel of Honesty in comparison to Firefox --and if anybody else don't |
7 |
> want Schmoog prying in his machine, likely: |
8 |
|
9 |
Mass generation of collisions is much easier if document structure |
10 |
is taken into account, e.g. for PDF it is sufficient to compute |
11 |
collision block once and it is possible to generate different PDFs |
12 |
with the same SHA1 hash. |
13 |
|
14 |
On-line service is available together with detailed description: |
15 |
https://alf.nu/SHA1 |
16 |
|
17 |
So danger of SHA1 collision is much closer than |
18 |
9,223,372,036,854,775,808 SHA1 computations or 1 110-GPU year. |
19 |
|
20 |
Best regards, |
21 |
Andrew Savchenko |