Assuming you could rededicate the whole network to attacking SHA-1 (which you practically couldn't, the ASICs would need replacing) you could break 2^10 intermediate SHA-1 signed CA certs per year, and compromise the whole current deployment of HTTPS.
With the ability to generate collisions, it becomes easier to trick a CA into signing an evil certificate, but collisions don't help if you want to break someone else's certificate.
p1mrx is correct - creating plain SHA-1 collisions shouldn't break the CA system.
Even though it's believed that one can create an identical-prefix collision with that amount of work, after the MD5 Industries demo all CAs now inject at least 64 bits of randomness into the signed certificate. Thus the certificate that they actually sign isn't predictable and doesn't have an identical prefix.
Technically what one needs to break is the target-collision-resistance of SHA-1, and that's standing up much better.
For things like git, however, an identical-prefix SHA-1 collision would be a problem.
Assuming that the hashes are equivalent difficulty (I don't know if they are): Given that the market cap of Bitcoin is ~$1B, imagine what you could do if you had ~$1-200M and wanted to crack some certificates...
Whatever you may think about Bitcoin itself, the _story_ of Bitcoin is impressive. Bitcoin started as a small, open source hacker project by an anonymous fellow on the internet. Somehow, this has snowballed to the point where an entire datacenter's worth of custom computing power is being thrown at it. That's inspiring and amazing no matter how you slice it.
Amidst the on-going onslaught against our digital world, it's refreshing to see what people can accomplish using open source ideals.
There must be a law that describes this type of comment. Something to the effect of "When any given project passes a certain inertia, someone will invariably comment that 'it would be nice/better if XXX could be used to help the less fortunate on this planet'".
We can start applying this law to things like String Theory, cures for Male Pattern Baldness and whatever else doesn't directly benefit some 3rd world shithole.
You assume that energy that isn't used for the network would automagically go to "less fortunate" people. It wouldn't. Power lines don't appear out of thin air, neither do governments who provide a stable environment for them to be built in.
[+] [-] ctz|12 years ago|reply
Assuming you could rededicate the whole network to attacking SHA-1 (which you practically couldn't, the ASICs would need replacing) you could break 2^10 intermediate SHA-1 signed CA certs per year, and compromise the whole current deployment of HTTPS.
[+] [-] p1mrx|12 years ago|reply
https://code.google.com/p/hashclash/
With the ability to generate collisions, it becomes easier to trick a CA into signing an evil certificate, but collisions don't help if you want to break someone else's certificate.
[+] [-] mrb|12 years ago|reply
But your point remains valid :)
[+] [-] agl|12 years ago|reply
Even though it's believed that one can create an identical-prefix collision with that amount of work, after the MD5 Industries demo all CAs now inject at least 64 bits of randomness into the signed certificate. Thus the certificate that they actually sign isn't predictable and doesn't have an identical prefix.
Technically what one needs to break is the target-collision-resistance of SHA-1, and that's standing up much better.
For things like git, however, an identical-prefix SHA-1 collision would be a problem.
[+] [-] ISL|12 years ago|reply
[+] [-] fpgaminer|12 years ago|reply
Amidst the on-going onslaught against our digital world, it's refreshing to see what people can accomplish using open source ideals.
[+] [-] o_s_m|12 years ago|reply
[+] [-] mrb|12 years ago|reply
- it is helping Argentinians escape their government's stupidity who is inflating their currency and limiting access to safer currencies (eg. USD) [1]
- it is helping Iranians working or living abroad to send bitcoins to their families [2]
- it is freeing people from financial censorship, eg. oppressive governments freezing bank accounts or donations to political opposition
- etc
The effect of Bitcoin on society is just barely starting to be seen! A decentralized currency truly has an amazing potential.
[1] http://blogs.wsj.com/moneybeat/2013/07/17/bitcoin-downloads-...
[2] http://www.businessweek.com/articles/2012-11-29/dollar-less-...
[+] [-] laichzeit0|12 years ago|reply
We can start applying this law to things like String Theory, cures for Male Pattern Baldness and whatever else doesn't directly benefit some 3rd world shithole.
(P.S. I live in a 3rd world shithole :)
[+] [-] ISL|12 years ago|reply
[+] [-] nkuttler|12 years ago|reply
[+] [-] pfortuny|12 years ago|reply
[+] [-] TallGuyShort|12 years ago|reply
[+] [-] vbuterin|12 years ago|reply
http://bitcoinmagazine.com/5635/primecoin-the-cryptocurrency...
[+] [-] drcode|12 years ago|reply
[+] [-] hnolable|12 years ago|reply