RFC 6194, "Security Considerations for the SHA-0 and SHA-1 Message-Digest Algorithms", March 2011Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
See Also: RFC 6194w/ inline errata
Errata ID: 3683
Publication Format(s) : TEXT
Reported By: Quynh Hung Dang
Date Reported: 2013-07-15
Verifier Name: Stephen Farrell
Date Verified: 2014-01-14
Section 3.2 says:
When n = 160, as is the case for SHA-1, it will take 2^106 computations to find a second pre-image in a 60-byte message.
It should say:
When n = 160, as is the case for SHA-1, the estimated computational complexity of finding a second preimage of any given message of about 2^60 bytes in length is 2^106 (compression function executions) which is significantly less than 2^160.
spt: I replaced 2^55 blocks with 2^60 bytes after some consultation with Lily and Quynh.