Hacker News

daghamm 12/09/2024, 4 replies

First of all, nice writeup. I am a bit surprised that so much GPU power was needed to find such a short collision, but it was nice to see his implementation nevertheless.

Regarding the last section, is 40k a reasonable price for one month of security analysis? Does this mean that a good security researcher makes about 500k/yr?


Replies

bigiain 12/09/2024

It means a good security research company might make $500k for a good researcher, if they could bring in enough work to keep them 100% utilised. Less actually, given paid time off.

Bluecobra 12/09/2024

That seems very reasonable to me. It seems like the pentest companies I have worked with in the past charge that much and just do a lazy nmap/metasploit scan and wrap it into a nice PDF.

rfoo 12/09/2024

> so much GPU power was needed

In the post-LLM age, one hour of compute on a 4090 is closer to "so less" than "so much". You can have that for less than $1.

barbegal 12/09/2024

2^(12*4) is 281,474,976,710,656 possible 12 character strings so seriously impressive that it can look through that many in an hour.
