On 2013-04-01 22:58, Robert J. Hansen wrote: > On 04/01/2013 12:24 PM, adrelanos wrote: >> How difficult, i.e. how much computing power and time is required to >> create a key, which matches the very same fingerprint? >> >> Isn't 40 chars a bit weak? > > (Nothing I am writing here is sarcastic or non-factual.) > > At present, the only way to do a preimage attack on SHA-1 (as opposed to > a random collision) is brute-force, so about 2**159 operations. If > you've got a PC that operates at the thermodynamic limits of the > universe and can compute a SHA-1 hash in only 1000 bitflips, and you > want to achieve this collision within the space of a year, then you're > looking at needing to use about 100 exatons or more of energy.
Or put another way: If you're running a computer at 3.2K (ambient universe temperature, anything below that would require additional energy to cool it), a bit-flip requires 4.41E-23 Joules of energy. According to Wikipedia, the world produces "only" 20 279 640 GWh of elecrical power per year = 7.3E19 Joules. This is enough to count through a 139-bit counter. Only count through, not even do any calculations with it! _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users