Hello, welcome to the Friday, February 24th, 2017 edition of the Sands and its Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Scottsdale, Arizona.

The big news today comes from researchers who, with the help of Google's computing resources,

were able to find two collisions for Shaw One. For a few years now,

it was known that Shah One was on its way out, but still this announcement came somewhat as a

surprise. It did take quite significant computing resources still to find this particular collision,

but overall the resources used weren't really

all that outrageous. The researchers did enumerate it to about $100,000 worth of computing

time. The problem that killed Sha Wan in the end was not just that computing time has become cheaper and CPUs and

GPUs have become faster, but also that the algorithm wasn't as strong as originally believed.

Shah 1 hashes are 80 bits in size, so you would think that you have about 2 to the power

of 80 different possibilities here that you have about two to the power of 80 different possibilities

here that you have to consider. But due to some weaknesses discovered in Chabon, in particular

by the researchers that were part of this collaboration, the actual number of computations being required is closer to the power of 66.

So that's more than 100,000 times easier than originally believed.

And these weaknesses in the algorithm, of course, were no news, and they had been announced

for a while, so this is why Shah-1 was considered on its way out.

Many browsers with the end of the year did no longer trust certificates signed by

Shaw-Wan, and of course,, certificate authorities stopped also issuing new certificates

based on Shah 1 signatures.

Shah 2, which is based on Shah 256 and Shah 512, is still considered safe enough.

So signatures now should definitely use these algorithms. However, there are still

...