Author vstinner
Recipients Arfrever, Huzaifa.Sidhpurwala, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, eric.araujo, georg.brandl, gvanrossum, jcea, lemburg, pitrou, terry.reedy, v+python, vstinner
Date 2012-01-05.22:49:32
SpamBayes Score 6.73643e-09
Marked as misclassified No
Message-id <1325803773.15.0.326274033406.issue13703@psf.upfronthosting.co.za>
In-reply-to
Content
> What I propose is to make the amount of information necessary
> to analyze and generate collisions impractically large.

Not only: the attacker has to compute the collisions for the new seed. I don't know how long it is, the code to generate collisions is not public yet. I suppose than generating collisions is longer if we change the hash function to add more instructions (I don't know how much).

If generating the collisions requires a farm of computers / GPUs / something else and 7 days, it doesn't matter if it's easy to retreive the secret.

If the attack wants to precompute collisions for all possible seeds, (s)he will also have to store them. With 64 bits of entropy, if an attack is 1 byte long, you have to store 2^64 bytes (16,777,216 TB).

It is a problem if it takes less than a day with a desktop PC to generate data for an attack. In this case, it should be difficult to compute the secret.
History
Date User Action Args
2012-01-05 22:49:33vstinnersetrecipients: + vstinner, lemburg, gvanrossum, barry, georg.brandl, terry.reedy, jcea, pitrou, christian.heimes, benjamin.peterson, eric.araujo, Arfrever, v+python, alex, dmalcolm, Mark.Shannon, Zhiping.Deng, Huzaifa.Sidhpurwala, PaulMcMillan
2012-01-05 22:49:33vstinnersetmessageid: <1325803773.15.0.326274033406.issue13703@psf.upfronthosting.co.za>
2012-01-05 22:49:32vstinnerlinkissue13703 messages
2012-01-05 22:49:32vstinnercreate