Trust, which trust?
"If users see disruption – for example, too many “insecure site” warnings – they fear that trust in the Internet will be undermined."
They must have been living under a rock, if they haven't lost trust in the internet already.
Facebook has set the date: on September 30, the ancient and creaking SHA-1 hashing algorithm will make its tumbril trip and get the chop. SHA-1, designed by the NSA in 1995, is a one-way algorithm: a block of data is turned into a message digest. The digest can't be turned back into the original message, but serves as a …
Both articles conflate two distinct uses of SHA-1. The CAB Forum are largely concerned with SHA-1 as used in certificate signatures (formally sha1WithRSAEncryption). Separately, SHA-1 or SHA-2 are used in a TLS cipher as a message authentication code (or more correctly, HMAC). HMAC-SHA1, like other HMACs, is not susceptible to collision attacks. That said, RFC 7525 recommends only SHA-2 using ciphers, but leaves SHA-1 using ciphers unchanged (and still mandatory for interop).
Im not sure, but bitcoin mining stuff is ASIC based and is geared for the SHA-256 based bitcoin hashes.
The lowest power stuff is in the measure of 10s of gigahashes per second. An ANTMINER S2 can do 1000 gigahashes per second.
There is mining kit out therebthat can do over 3TH/s.
Not sure if you can rejig a BTC miner for the purposes of bruteforcing garden variety hashes...it'd be interesting to know if its possible though.
Biting the hand that feeds IT © 1998–2019