Those are theoretical figures for a custom built machine costing an estimated $50K-$75K. With general purpose computers it would take a lot longer. The recently discovered algorithm for finding SHA1 collisions makes it possible to find a collision in 2^69 collision (opposed to the 2^80 you would expect with brute force) so this means this custom built machine would take an estimated 3 1/2 years to find a collision.
But just finding a SHA1 collision isn't enough to break the Xbox's security system. You need to find a collision between the hash of a existing file (one that's already been signed by MS) and the hash of a file that does something we want (most likely patch public key in memory). This is known as a preimage attack. The recently discovered algorithm for finding SHA1 collisions does not help at all with this. We still don't know any method better than brute force for this situation. So you'd expect 2^80 SHA1 operations. Even for the custom built machine mentioned above this would take 3.5 * 2^11 = about 7000 years. General purpose computers would take much longer.
I wouldn't hold your breath for an attack on the Xbox's security system based on finding a SHA1 collision.
Author
Topic: Md5 Cracking Source Released (Read 57 times)