[LUAU] all your hash are belong to us
Jim Thompson
jim at netgate.com
Sat Sep 1 21:21:36 PDT 2007
find some scrapped HD video stunt box boards on eBay,
do a little world-class hacking,
and break "secure" hash functions while you wait
http://nsa.unaligned.org/index.php
Now for the bad news...
(A) He's using 4-year-old hardware. Apply 3 cycles of Moore's Law.
(Literally, he's using Virtex II, and Virtex V is out.)
(B) His result, searching the 8-char keyspace in one day, implies that
he's using a single box. 64**8 keys / 15 FPGAs / 200 MHz (approx)
= 94000 seconds =~ 1 day. There's nothing keeping someone with
a real hardware budget from ganging a few racks of these together.
So where do we go from here? Secure hashes are a very useful
mechanism, but between this hack (and obvious extrapolations of what
it can do) and the Chinese collision generation algorithms, the
commonly used hash functions aren't looking so good.
Do we just move further up the SHA chain, SHA-256, SHA-512, etc.,
or are they just buying us a few years?
Jim
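
The estimate in point (B), worked through as an added example that is not part of the original post. It uses the post's figures (64 symbols, 15 FPGAs, roughly 200 MHz) and generalizes to other lengths to find how long a string must be to keep exhaustive search above a target time. Assumptions: one candidate tested per FPGA per clock cycle (which the post's arithmetic implies), "3 cycles of Moore's Law" read as three doublings of throughput, and `boxes` as a hypothetical multiplier for ganged hardware.

```python
ALPHABET = 64      # symbols per character, from the post's 64**8
FPGAS = 15         # from the post
CLOCK_HZ = 200e6   # from the post (approximate)
YEAR = 365 * 86400


def rate(fpgas=FPGAS, clock_hz=CLOCK_HZ, doublings=0, boxes=1):
    """Candidates tested per second.

    Assumes one candidate per FPGA per clock cycle; `doublings` and
    `boxes` are hypothetical scaling knobs, not figures from the post.
    """
    return fpgas * clock_hz * (2 ** doublings) * boxes


def exhaust_seconds(length, alphabet=ALPHABET, **hw):
    """Worst-case time to try every string of exactly `length` symbols."""
    return alphabet ** length / rate(**hw)


def min_length(target_seconds, alphabet=ALPHABET, **hw):
    """Shortest length whose full keyspace takes at least target_seconds."""
    length = 1
    while exhaust_seconds(length, alphabet, **hw) < target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    scenarios = [
        ("one box, as posted", {}),
        ("3 doublings", {"doublings": 3}),
        ("3 doublings, 100 boxes", {"doublings": 3, "boxes": 100}),
    ]
    for label, hw in scenarios:
        for n in (8, 9, 10, 12):
            days = exhaust_seconds(n, **hw) / 86400
            print(f"{label:24s} len={n:2d} {days:16.1f} days")
        needed = min_length(100 * YEAR, **hw)
        print(f"{label:24s} length for >= 100 years: {needed}")
```

Each added character multiplies the work by 64, which is six doublings, so three doublings of hardware speed cost the defender half a character of length.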