Re: [openpgp] Followup on fingerprints

"Derek Atkins" <derek@ihtfp.com> Mon, 03 August 2015 17:47 UTC

On Mon, August 3, 2015 1:32 pm, Peter Pentchev wrote:

>> Luckily my computations (which you unfortunately cut out) were based on
>> 30 million attempts per second, so my results (the attack taking over a
>> year) are still correct!  Indeed, your numbers are still 3x slower than
>> my computation estimates.
>
> Um, I believe that the point is that Mallory doesn't *need* to brute-force
> anything to create two keys with almost-identical hashes.  ICBW, but I
> think that the idea is that Mallory, in the process of creating the first
> key, is in possession of some intermediate information that enables him to
> create a related key much cheaper, with a single run.

They do still need to brute-force -- they still need to find a hash
collision.  Whether they do this randomly or by forcing it, it still
requires on the order of 2^50 operations (assuming they want to match 100
bits of a hash).

My previous statements assumed the hashing was free, but we all know
that's not true.  On my laptop I can perform on the order of 3 to 5
million SHA operations per second (3.4 SHA256, and 4.6 SHA1) on 16 bytes
of data.  So we're still well within the 30 million trials per second. 
But how about this, I'll be nice and give you yet another order of
magnitude to 300 million attempts per second.  That STILL limits you to
~46 days to find a 100-bit collision.  But the data being hashed is more
than 16 bytes so I still think it's going to be closer to 30 vs 300
million attempts per second.

Thanks,

>
> G'luck,
> Peter

-derek

> --
> Peter Pentchev  roam@ringlet.net roam@FreeBSD.org pp@storpool.com
> PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant
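
The birthday estimate used in this message, as an added example that is not part of the original message: the sketch finds real matches on SHA-256 truncated to a few bits, where the work grows as roughly 2^(bits/2), and converts the 2^50 attempts for a 100-bit match into days at 30 and 300 million attempts per second. The function names and the input prefix are constructed for illustration, and hashing counter values stands in for generating candidate keys.

```python
import hashlib

def truncated_digest(data: bytes, bits: int) -> int:
    """Return the leading `bits` bits of SHA-256(data) as an integer."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int, prefix: bytes = b"constructed-input-"):
    """Birthday search over counter-derived inputs (constructed sample data).

    Returns (first_input, second_input, attempts) where both inputs share
    the same truncated digest. Memory grows with the number of attempts,
    which is why this is only practical for small `bits`.
    """
    seen = {}
    attempts = 0
    while True:
        msg = prefix + attempts.to_bytes(8, "big")
        attempts += 1
        tag = truncated_digest(msg, bits)
        if tag in seen:
            return seen[tag], msg, attempts
        seen[tag] = msg

def days_for_collision(bits: int, attempts_per_second: float) -> float:
    """Days needed for 2^(bits/2) attempts at a fixed hashing rate."""
    return 2 ** (bits / 2) / attempts_per_second / 86400

if __name__ == "__main__":
    # Small truncations: the attempt count tracks 2^(bits/2), not 2^bits.
    for bits in (16, 24, 32):
        a, b, n = find_collision(bits)
        print(f"{bits}-bit match after {n} attempts (2^{bits // 2} = {2 ** (bits // 2)})")
    # The two rates discussed in the message, applied to a 100-bit match.
    for rate in (30e6, 300e6):
        print(f"100-bit match at {rate:.0e}/s: {days_for_collision(100, rate):.1f} days")
```
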