On Fri, 04 Jan 2013 11:56:36 -0800
Andrey Jivsov <openpgp(_at_)brainhub(_dot_)org> wrote:
On 01/04/2013 02:53 AM, Christian Aistleitner wrote:
Hi Andrey,
On Thu, Jan 03, 2013 at 03:30:14PM -0800, Andrey Jivsov wrote:
Instead of 80 bit is security (birthday
bounds) SHA-1 is listed as 51 bits on
http://en.wikipedia.org/wiki/Message_digest.
Since you mention the 51 bits part again and again ...
Do you have any data / research underpinning this 51 (Besides
Wikipedia)?
After all, the cited Wikipedia page links to the retracted variant of
an article :-(
Otherwise, the best /theoretical/ result that I know of is just
above 60.
It looks like this is from the paper "Classification and Generation of
Disturbance Vectors for Collision Attacks against SHA-1"
published in 2011 in Designs, Codes and Cryptography
http://link.springer.com/article/10.1007%2Fs10623-010-9458-9?LI=true
with 27 citations in Google scholar. There you can find a dozen of
different copies (or minor revisions?) of the paper and Wikipedia links
one of them.
Should we rather say that the _practical_ value is about 60 (it's not to
say that 2^60 is that practical, but that there is an expensive but an
actionable attack plan). The following post leads the reader to the
algorithm :
http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
In either case, humans are less than 2^33 todays and this number should not
increase so much in the next decades. Even if each living human use OpenPGP and
more than a dozen of keys, we are far from 2^60 or 2^51...
(even if we consider also the life expectancy)
regards,
--
jbar <jeanjacquesbrucker(_at_)gmail(_dot_)com>
pgpaUmJOXhEY4.pgp
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp