This is interesting news. McDonald, Hawkes and Pieprzyk claim that they have reduced the collision strength of SHA-1 to 2^{52}. As usual, don't panic: collisions are hard to exploit. However, this implies that the wise CA would transition at least to randomized serial numbers and that the SHA-256 transition is now more important.
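A worked example of the randomized-serial-number mitigation recommended above (added here; not code from this post). It assumes RFC 5280's constraints on serialNumber (a positive DER INTEGER of at most 20 content octets) and a chosen policy of at least 64 unpredictable bits per serial; `random_serial`, `der_integer` and `check_serial` are hypothetical names.

```python
import secrets

# Assumed policy and RFC 5280 limits for an X.509 serialNumber.
MAX_SERIAL_OCTETS = 20   # conforming CAs must not exceed 20 content octets
MIN_RANDOM_BITS = 64     # assumed policy: at least 64 unpredictable bits


def random_serial(entropy_bits: int = MIN_RANDOM_BITS) -> int:
    """Draw a serial from the OS CSPRNG: entropy_bits random bits under a
    forced leading 1, so the value is never zero and always the same width."""
    # entropy_bits + 2 bits (leading 1 plus DER sign bit) must fit in 20 octets.
    if not MIN_RANDOM_BITS <= entropy_bits <= 8 * MAX_SERIAL_OCTETS - 2:
        raise ValueError("entropy_bits outside the allowed range")
    return secrets.randbits(entropy_bits) | (1 << entropy_bits)


def der_integer(value: int) -> bytes:
    """DER-encode a non-negative integer as a minimal short-form INTEGER TLV."""
    if value < 0:
        raise ValueError("serial numbers must be positive")
    # +8 rather than +7 reserves a leading 0x00 whenever the top bit is set,
    # which DER requires so the value is not read back as negative.
    content = value.to_bytes((value.bit_length() + 8) // 8, "big")
    if len(content) >= 0x80:
        raise ValueError("value too large for short-form length")
    return b"\x02" + bytes([len(content)]) + content


def check_serial(der: bytes) -> list:
    """Return the problems found in a DER serialNumber; [] means it passes."""
    problems = []
    if len(der) < 3 or der[0] != 0x02 or der[1] >= 0x80 or der[1] != len(der) - 2:
        return ["not a short-form DER INTEGER"]
    content = der[2:]
    if len(content) > 1 and content[0] == 0x00 and content[1] < 0x80:
        problems.append("non-minimal encoding (redundant leading 0x00)")
    if content[0] & 0x80:
        problems.append("negative value")
    value = int.from_bytes(content, "big", signed=True)
    if value == 0:
        problems.append("serial is zero")
    if len(content) > MAX_SERIAL_OCTETS:
        problems.append("more than %d content octets" % MAX_SERIAL_OCTETS)
    # A short value cannot carry the required entropy; sequential serials fail here.
    if 0 < value and value.bit_length() < MIN_RANDOM_BITS:
        problems.append("fewer than %d bits: cannot hold the required entropy" % MIN_RANDOM_BITS)
    return problems


if __name__ == "__main__":
    der = der_integer(random_serial())
    print(der.hex(), check_serial(der) or "ok")
```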
I'm still trying to decipher this Schnorr presentation entitled "Average Time Fast SVP and CVP Algorithms: Factoring Integers in Polynomial Time". Presumably, if this led to a practical attack, Schnorr would have presented it differently, but I'd be interested to see an analysis of the impact of it, if any, from a real cryptographer.