[142208] in cryptography@c2.net mail archive
Re: MD5 considered harmful today, SHA-1 considered harmful tomorrow
daemon@ATHENA.MIT.EDU (Victor Duchovni)
Sun Jan 11 13:22:36 2009
Date: Sat, 10 Jan 2009 23:06:46 -0500
From: Victor Duchovni <Victor.Duchovni@morganstanley.com>
To: cryptography <cryptography@metzdowd.com>
Mail-Followup-To: cryptography <cryptography@metzdowd.com>
In-Reply-To: <7DF2365FF07C0E4E89419D65CCC93C9E01435C239495@EXCHANGE11.campus.tue.nl>
On Sat, Jan 10, 2009 at 11:32:44PM +0100, Weger, B.M.M. de wrote:
> Hi Victor,
>
> > Bottom line, anyone fielding a SHA-2 cert today is not going
> > to be happy with their costly pile of bits.
>
> Will this situation have changed by the end of 2010 (that's
> next year, by the way), when everybody who takes NIST seriously
> will have to switch to SHA-2?
Extremely unlikely in the case of SSL/TLS and X.509 certs. There is
a huge install-base of systems on which SHA-2 certs will fail SSL
handshakes. When Windows XP systems are <1% of the install-base, when
OpenSSL 0.9.8 is <1% of the install-base and 0.9.9 too (if the
support is not added before it goes official), and all the browsers,
Java libraries, ... support SHA-2, then you can deploy SHA-2 certs.
I would estimate 5-8 years, if developers of all relevant mainstream
implementations start to address the issue now. SHA-1 will be with
us well after 2010. New applications written in 2010 will ideally
support SHA-2, but SHA-1 will probably still be the default digest
in many applications through 2013 or 2015.
--
Victor Duchovni
IT Security, Morgan Stanley

ASCII RIBBON CAMPAIGN AGAINST HTML MAIL

NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited.