According to a rough estimate of Intel Labs-employee Jesse Walker is in 2018 is achievable to be affordable a collisionaanval to run on the SHA-1 hashes. That would mean that it is time to switch over to newer hashing algorithms.
Beveiligingsonderzoeker Bruce Schneier reports on his blog that it’s not long more it will take for the feasibility is to the success of an attack on the SHA-1 hash algorithm. He’s quoting a mail from Jesse Walker, a Principal Engineer at the security division of Intel Labs. His message appeared on a mailing list from the National Institute of Standards and Technology.
According to a rough estimate of the Walker, the cost of the equipment for such an attack in 2012 is still about 2,77 million dollars. In 2018, this will be reduced to 173.000 dollar, which for criminal organizations should be a to perform such an attack. In 2021, the sum would fall to 43.000 allowing researchers at universities such attack would be able to perform.
In the above calculation is the assumption is made that 260 attempts for an attack. Also takes Walker to that Moore’s law continues to apply and that the costs of servers would remain the same as. In 2009, published by researchers in an attack where only 252 attempts, would be necessary. Per attempt are about 214 calculations are needed. Further improvements in hardware and kraakmethodes will find collisions faster.
Hashes are used to verify the authenticity of files and data streams to ensure. They are used in secure web traffic via the web protocol https. The algorithm calculates on the basis of the key string, the hash, that is unique should be. When an attack is a collision search: a key that is the same hash results as the real key.
Bruce Schneier concludes that it is time to switch over to newer hashing algorithms such as SHA-2 and SHA-3. Earlier this week, chose the NIST to 64 propose an algorithm for the SHA-3 standard.
