[Dnssec-deployment] Starting with SHA1?
fweimer at bfk.de
Thu Aug 5 10:38:56 EDT 2010
* Ondřej Surý:

> f.e. if I have a RRSet 2^13 bits long (approx what .CZ has for DNSKEY
> RRSIG now) then the collision search is reduced to 2^(256/2)-(13/2),
> i.e. to 2^122.

Are you sure about the numbers? I think 2**k is supposed to be the
block count, so you've got k=4. And if the formulas indeed apply, you
still need 2**(256/2 - 4/2 + 4) = 2**130 invocations of the
compression function, which is more effort than the 2**128 invocations
needed for finding a collision using the birthday approach.

Also keep in mind that we don't know whether SHA-512 is indeed more
secure than SHA-256.

Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99