On Sun, 26 Feb 2017, Keith Medcalf wrote:
So you would need 6000 years of computer time to compute the collision on the SHA1 signature, and how much additional time to compute the trapdoor (private) key, in order for the cert to be of any use?
1) Wasn't the 6000 years estimate from an article >10 years ago? Computers have gotten a bit faster. 2) I suspect the sort of person interested in doing this, unburdened by ethics, would have no issues using a large botnet to speed up the process. How long does it take if you have a million PCs working on the problem? ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________