IETF Logo Mail Archive

Re: [openpgp] Fingerprints and their collisions resistance

jbar <jeanjacquesbrucker@gmail.com> Fri, 04 January 2013 21:00 UTC

Return-Path: <jeanjacquesbrucker@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A12921F8A48 for <openpgp@ietfa.amsl.com>; Fri, 4 Jan 2013 13:00:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pJBPIYKUIl5w for <openpgp@ietfa.amsl.com>; Fri, 4 Jan 2013 13:00:38 -0800 (PST)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 8A57B21F8A43 for <openpgp@ietf.org>; Fri, 4 Jan 2013 13:00:38 -0800 (PST)
Received: by mail-bk0-f44.google.com with SMTP id w11so7558333bku.31 for <openpgp@ietf.org>; Fri, 04 Jan 2013 13:00:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:date:from:to:cc:subject:message-id:in-reply-to :references:x-mailer:mime-version:content-type; bh=qCdyrgBCMGKUCgQHnIZx7l0GFqY7sVZAsx5DmYM9AlM=; b=A6ARz6Tr1cBS/Tv+tSm1fccs+W5ZDRUSxVKl5H6xRxXZZCjlAQn9vy2N6OVquxgQqW xz5UhKEEP9nLXQHO8MvUlshoR8ywg7aPsnyHscGN56UrkhjIPdU2zyWK2LACRpT43e73 mGxarGkJej+S4N8Nu0OFmhVI5ZHjpvc8H3TGKOnCVEp2fbgt5AfzPaaGu0yuqPN9n2Wn yk0GmagblhhpAHpht0Sy72jT1sP4r3eznmDXe1PpC4rWjLlhqCFtKUkp8CkGISeGHSw4 PEE/0EoEVRbaAC7UZBbBUhvgJDzgXwaJaBP+xxwycTgD00Vq0hFGoi8Ql2QwWVp2iUX6 RR7Q==
X-Received: by 10.204.129.68 with SMTP id n4mr26013647bks.102.1357333237514; Fri, 04 Jan 2013 13:00:37 -0800 (PST)
Received: from localhost.localdomain (5400ECB3.dsl.pool.telekom.hu. [84.0.236.179]) by mx.google.com with ESMTPS id m20sm37766357bkw.4.2013.01.04.13.00.34 (version=SSLv3 cipher=OTHER); Fri, 04 Jan 2013 13:00:35 -0800 (PST)
Date: Fri, 04 Jan 2013 22:00:26 +0100
From: jbar <jeanjacquesbrucker@gmail.com>
To: Andrey Jivsov <openpgp@brainhub.org>
Message-Id: <20130104220026.2b1ccf24.jeanjacquesbrucker@gmail.com>
In-Reply-To: <50E733F4.90400@brainhub.org>
References: <50E530D6.6020609@brainhub.org> <D3684BB5-FDC6-4834-8FAE-C482A25E3FB0@callas.org> <50E5D6AA.6060200@brainhub.org> <874nixev2u.fsf@vigenere.g10code.de> <50E61486.9010209@brainhub.org> <20130104105328.GA5156@quelltextlich.at> <50E733F4.90400@brainhub.org>
X-Mailer: Sylpheed 3.1.3 (GTK+ 2.24.10; i586-mageia-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="PGP-SHA256"; boundary="Signature=_Fri__4_Jan_2013_22_00_26_+0100_Y=zpdq_pLSoif0TL"
Cc: Christian Aistleitner <christian@quelltextlich.at>, openpgp@ietf.org
Subject: Re: [openpgp] Fingerprints and their collisions resistance
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jan 2013 21:00:43 -0000

On Fri, 04 Jan 2013 11:56:36 -0800
Andrey Jivsov <openpgp@brainhub.org> wrote:

> On 01/04/2013 02:53 AM, Christian Aistleitner wrote:
> > Hi Andrey,
> >
> > On Thu, Jan 03, 2013 at 03:30:14PM -0800, Andrey Jivsov wrote:
> >> Instead of 80 bit is security (birthday
> >> bounds) SHA-1 is listed as 51 bits on
> >> http://en.wikipedia.org/wiki/Message_digest.
> >
> > Since you mention the 51 bits part again and again ...
> >
> > Do you have any data / research underpinning this 51 (Besides
> > Wikipedia)?
> >
> > After all, the cited Wikipedia page links to the retracted variant of
> > an article :-(
> >
> > Otherwise, the best /theoretical/ result that I know of is just
> > above 60.
> 
> It looks like this is from the paper "Classification and Generation of 
> Disturbance Vectors for Collision Attacks against SHA-1"
> published in 2011 in Designs, Codes and Cryptography
> http://link.springer.com/article/10.1007%2Fs10623-010-9458-9?LI=true
> with 27 citations in Google scholar. There you can find a dozen of 
> different copies (or minor revisions?) of the paper and Wikipedia links 
> one of them.
> 
> Should we rather say that the _practical_ value is about 60 (it's not to 
> say that 2^60 is that practical, but that there is an expensive but an 
> actionable attack plan). The following post leads the reader to the 
> algorithm : 
> http://www.schneier.com/blog/archives/2012/10/when_will_we_se.html


In either case, humans are less than 2^33 todays and this number should not increase so much in the next decades. Even if each living human use OpenPGP and more than a dozen of keys, we are far from 2^60 or 2^51...

(even if we consider also the life expectancy)

regards,
-- 
jbar <jeanjacquesbrucker@gmail.com>

v2.23.0 | Report a Bug | By Email