| 1 |
On Sat, 25 Feb 2017 22:12:10 +0100 Miroslav Rovis wrote: |
| 2 |
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html |
| 3 |
> |
| 4 |
> ( you know I hate the Schmoog, and didn't take their cookies, and so |
| 5 |
> they didn't show me their page in my Palemoon --working great here!, an |
| 6 |
> Angel of Honesty in comparison to Firefox --and if anybody else don't |
| 7 |
> want Schmoog prying in his machine, likely: |
| 8 |
|
| 9 |
Mass generation of collisions is much easier if document structure |
| 10 |
is taken into account, e.g. for PDF it is sufficient to compute |
| 11 |
collision block once and it is possible to generate different PDFs |
| 12 |
with the same SHA1 hash. |
| 13 |
|
| 14 |
On-line service is available together with detailed description: |
| 15 |
https://alf.nu/SHA1 |
| 16 |
|
| 17 |
So danger of SHA1 collision is much closer than |
| 18 |
9,223,372,036,854,775,808 SHA1 computations or 1 110-GPU year. |
| 19 |
|
| 20 |
Best regards, |
| 21 |
Andrew Savchenko |
Archives