Overclock.net › Forums › Industry News › Technology and Science News › [Google] The SHAppening: freestart collisions for SHA-1
New Posts  All Forums:Forum Nav:

[Google] The SHAppening: freestart collisions for SHA-1

post #1 of 15
Thread Starter 
Quote:
We have computed the SHA-1 freestart collision on Kraken, our 64-GPU cluster. More precisely Kraken is composed of 16 nodes, each node being made of simple, cheap and widely available hardware: 4 GTX-970 GPUs, 1 Haswell i5-4460 processor and 16GB of RAM.

We recommend that SHA-1 based signatures should be marked as unsafe much sooner than prescribed by current international policy. Even though freestart collisions do not directly lead to actual collisions for SHA-1, in our case, the experimental data we obtained in the process enable significantly more accurate projections on the real-world cost of actual collisions for SHA-1, compared to previous projections. Concretely, we estimate the SHA-1 collision cost today (i.e., Fall 2015) between 75K$ and 120K$ renting Amazon EC2 cloud computing over a few months.

Sooner than some expected, I imagine.

https://sites.google.com/site/itstheshappening/
post #2 of 15
Whaashapnin'... Whaashup?

No really, can you provide a layman's explanation? Websites are easily fakeable again, is what I think this means?
The Mad Cow
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz Gigabyte H61M-S2H HIS Radeon HD 6670 Kingston 8GB (2 x 4GB) 240-Pin DDR3 SDRAM DDR3 ... 
Hard DriveOptical DriveCoolingOS
Western Digital Caviar Blue Samsung/Hitachi something or other assortment of leftovers from old systems hot-gl... Xubuntu 15.04 
MonitorKeyboardPowerCase
Sony whatevs Logitech K400 Thermaltake Smart650 Hand-me-down Gateway case 
MouseMouse PadAudioOther
Can you believe I got it at a gas station? worth more than the software it came with. Sup... JVC XX in-ears Logitech f310 
  hide details  
Reply
The Mad Cow
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz Gigabyte H61M-S2H HIS Radeon HD 6670 Kingston 8GB (2 x 4GB) 240-Pin DDR3 SDRAM DDR3 ... 
Hard DriveOptical DriveCoolingOS
Western Digital Caviar Blue Samsung/Hitachi something or other assortment of leftovers from old systems hot-gl... Xubuntu 15.04 
MonitorKeyboardPowerCase
Sony whatevs Logitech K400 Thermaltake Smart650 Hand-me-down Gateway case 
MouseMouse PadAudioOther
Can you believe I got it at a gas station? worth more than the software it came with. Sup... JVC XX in-ears Logitech f310 
  hide details  
Reply
post #3 of 15
Quote:
Originally Posted by un-midas touch View Post

Whaashapnin'... Whaashup?

No really, can you provide a layman's explanation? Websites are easily fakeable again, is what I think this means?

If I am not mistaken, collision in a digital signature system means that hash of different files can result in same signature (case of md5). For example you digital sign a word document and you send your public key for others to verify, but due to this collision some other person can create a fake document out of it but will return same signature as your private key by adding non-printable or null character into the file to match collision. There are some other cases as well but I think this is one of the simpler example.
Cmiiw
Survival Laptops
(15 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 2600k Dell XPS 15 Intel GMA3000 Hynx 8GB (unknown brands) 
RAMHard DriveHard DriveOS
Corsair 8GB Value Select WD Black Samsung PRO 850 SSD Windows 7 
KeyboardMouseAudio
Build In Laptop Logitech G700 Musiland 03 Dragon Edition 
  hide details  
Reply
Survival Laptops
(15 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 2600k Dell XPS 15 Intel GMA3000 Hynx 8GB (unknown brands) 
RAMHard DriveHard DriveOS
Corsair 8GB Value Select WD Black Samsung PRO 850 SSD Windows 7 
KeyboardMouseAudio
Build In Laptop Logitech G700 Musiland 03 Dragon Edition 
  hide details  
Reply
post #4 of 15
That's exactly why everyone switched to SHA256 last month. This isn't really an issue anymore in the commercial sector unless you're part of a business which is lagging behind.
T3k
(13 items)
 
The Tibaldi
(9 items)
 
WooJoo
(13 items)
 
CPUMotherboardGraphicsGraphics
Intel i5 3210 h77 HD4000 GeForce 640 LE 
RAMHard DriveOSOS
4gb of something 5400rpm slowness 13.04 Ubuntu x64  Windows 8 Pro 
Monitor
1920x1080 
CPUMotherboardGraphicsRAM
965 BE 4.0GHZ (250 x 15.5) @1.5V m2n32 sli deluxe - 2000mhz @ 1.3V Asus TOP 5850 1GB 950/1200 Kingston HyperX 5-5-5-15 
Hard DriveOptical DriveOSMonitor
WD Velociraptor 150GB, WD raptor 74gb TDK 880N DVDRW Windows 7 x64 Ultimate Westinghouse 22" lcd 
KeyboardPowerCaseMouse
saitek eclipse II Corsair 620W modular Cooler Master ATCS 840 black emprex 
  hide details  
Reply
T3k
(13 items)
 
The Tibaldi
(9 items)
 
WooJoo
(13 items)
 
CPUMotherboardGraphicsGraphics
Intel i5 3210 h77 HD4000 GeForce 640 LE 
RAMHard DriveOSOS
4gb of something 5400rpm slowness 13.04 Ubuntu x64  Windows 8 Pro 
Monitor
1920x1080 
CPUMotherboardGraphicsRAM
965 BE 4.0GHZ (250 x 15.5) @1.5V m2n32 sli deluxe - 2000mhz @ 1.3V Asus TOP 5850 1GB 950/1200 Kingston HyperX 5-5-5-15 
Hard DriveOptical DriveOSMonitor
WD Velociraptor 150GB, WD raptor 74gb TDK 880N DVDRW Windows 7 x64 Ultimate Westinghouse 22" lcd 
KeyboardPowerCaseMouse
saitek eclipse II Corsair 620W modular Cooler Master ATCS 840 black emprex 
  hide details  
Reply
post #5 of 15
Thread Starter 
Quote:
Originally Posted by rusky1 View Post

That's exactly why everyone switched to SHA256 last month. This isn't really an issue anymore in the commercial sector unless you're part of a business which is lagging behind.

SHA-1 is still pretty widely implemented, albeit mostly by lazy admins. It's a real concern, and despite this being pretty available information for quite some time, many have ignored it.
post #6 of 15
Thread Starter 
Quote:
Originally Posted by un-midas touch View Post

Whaashapnin'... Whaashup?

No really, can you provide a layman's explanation? Websites are easily fakeable again, is what I think this means?

It means that it's possible to supply two different input values, and the resulting hashed value is identical.
post #7 of 15
2+3 = 5
1+4 = 5

Its always going to happen unless you map output values, but mapping inputs or outputs would be a potential source of infiltration..
post #8 of 15
Quote:
Originally Posted by sub50hz View Post

SHA-1 is still pretty widely implemented, albeit mostly by lazy admins. It's a real concern, and despite this being pretty available information for quite some time, many have ignored it.
Well sha-1 still has purpose, probably replacing md5 as cpu resources become cheaper
Survival Laptops
(15 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 2600k Dell XPS 15 Intel GMA3000 Hynx 8GB (unknown brands) 
RAMHard DriveHard DriveOS
Corsair 8GB Value Select WD Black Samsung PRO 850 SSD Windows 7 
KeyboardMouseAudio
Build In Laptop Logitech G700 Musiland 03 Dragon Edition 
  hide details  
Reply
Survival Laptops
(15 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 2600k Dell XPS 15 Intel GMA3000 Hynx 8GB (unknown brands) 
RAMHard DriveHard DriveOS
Corsair 8GB Value Select WD Black Samsung PRO 850 SSD Windows 7 
KeyboardMouseAudio
Build In Laptop Logitech G700 Musiland 03 Dragon Edition 
  hide details  
Reply
post #9 of 15
Thread Starter 
Quote:
Originally Posted by STEvil View Post

2+3 = 5
1+4 = 5

Its always going to happen unless you map output values, but mapping inputs or outputs would be a potential source of infiltration..

The algorithm is not simply adding numbers, though. A more distinct way to explain this would be something like:

ln39nlsdg934 = abcd1234
skjnsd8309n = abcd1234

..where the input vectors are unique but the hashed values are identical.
post #10 of 15
Quote:
Originally Posted by sub50hz View Post

The algorithm is not simply adding numbers, though. A more distinct way to explain this would be something like:

ln39nlsdg934 = abcd1234
skjnsd8309n = abcd1234

..where the input vectors are unique but the hashed values are identical.
so it's adding numbers
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Technology and Science News
Overclock.net › Forums › Industry News › Technology and Science News › [Google] The SHAppening: freestart collisions for SHA-1