[144387] in cryptography@c2.net mail archive
Re: SHA-1 collisions now at 2^{52}?
daemon@ATHENA.MIT.EDU (Victor Duchovni)
Fri May 1 15:28:46 2009
Date: Fri, 1 May 2009 00:10:53 -0400
From: Victor Duchovni <Victor.Duchovni@morganstanley.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Reply-To: cryptography@metzdowd.com
Mail-Followup-To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <87vdolikr0.fsf@snark.cb.piermont.com>
On Thu, Apr 30, 2009 at 11:07:31PM -0400, Perry E. Metzger wrote:
>
> Greg Rose <ggr@qualcomm.com> writes:
> >> This is a very important result. The need to transition from SHA-1
> >> is no longer theoretical.
> >
> > It already wasn't theoretical... if you know what I mean. The writing
> > has been on the wall since Wang's attacks four years ago.
>
> Sure, but this should light a fire under people for things like TLS 1.2.
Perhaps, though the MAC in TLS cipher-suites needs just 2nd pre-image
resistance, not collision resistance. The collision resistance is more
relevant to X.509 authentication, and even there only when CA practices
are sub-optimal.
Yes, by all means, new hash functions, but let's not over-emphasize the
magnitude of the problem. This is not a SHA-1 pandemic...
--
Viktor.
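As an added illustration, not part of Duchovni's mail or the list archive, the following Python script makes the distinction in the reply concrete: a collision search (attacker picks both messages) costs about 2^(n/2) hash evaluations, while a second-preimage search against a fixed message costs about 2^n. SHA-1 is truncated to a small number of bits (a constructed toy, not a real attack) so both searches finish in seconds, and the keyed check shows why a colliding pair under the bare hash does not give matching HMAC tags. The function names (`trunc_hash`, `find_collision`, `find_second_preimage`, `hmac_tags_differ`, `demo`) and the 20-bit truncation are assumptions of this example.

```python
import hashlib
import hmac

# Toy hash: SHA-1 truncated to `nbits` so the searches below are cheap.
# (Assumption of this example; real SHA-1 is 160 bits.)
def trunc_hash(data: bytes, nbits: int) -> int:
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - nbits)


def find_collision(nbits: int, seed: bytes = b"msg-"):
    """Birthday search: the attacker chooses BOTH messages.
    Expected cost is roughly 2**(nbits/2) hash evaluations.
    Returns (m1, m2, evaluations)."""
    seen = {}
    count = 0
    while True:
        m = seed + count.to_bytes(8, "big")
        h = trunc_hash(m, nbits)
        if h in seen and seen[h] != m:
            return seen[h], m, count + 1
        seen[h] = m
        count += 1


def find_second_preimage(target: bytes, nbits: int, seed: bytes = b"alt-"):
    """Second-preimage search: `target` is FIXED by the victim.
    Expected cost is roughly 2**nbits hash evaluations.
    Returns (m2, evaluations)."""
    want = trunc_hash(target, nbits)
    count = 0
    while True:
        m = seed + count.to_bytes(8, "big")
        count += 1
        if m != target and trunc_hash(m, nbits) == want:
            return m, count


def hmac_tags_differ(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Full HMAC-SHA1 over a pair that collides under the truncated hash.
    The secret key is mixed in before the attacker's data, so a bare-hash
    collision does not carry over to the keyed tag (the TLS MAC case)."""
    t1 = hmac.new(key, m1, hashlib.sha1).digest()
    t2 = hmac.new(key, m2, hashlib.sha1).digest()
    return not hmac.compare_digest(t1, t2)


def demo(nbits: int = 20) -> dict:
    """Run both searches and report the observed work factors."""
    m1, m2, coll_work = find_collision(nbits)
    target = b"fixed certificate-like message"    # constructed sample
    m3, pre_work = find_second_preimage(target, nbits)
    key = b"constructed-demo-key"                   # constructed sample
    return {
        "collision_pair": (m1, m2),
        "collision_hash_equal": trunc_hash(m1, nbits) == trunc_hash(m2, nbits),
        "collision_work": coll_work,
        "second_preimage": m3,
        "second_preimage_valid": trunc_hash(m3, nbits) == trunc_hash(target, nbits),
        "second_preimage_work": pre_work,
        "hmac_tags_differ": hmac_tags_differ(key, m1, m2),
        "expected_collision": 2 ** (nbits // 2),
        "expected_second_preimage": 2 ** nbits,
    }


if __name__ == "__main__":
    r = demo()
    print("collision work:        ", r["collision_work"], "(~", r["expected_collision"], "expected)")
    print("second-preimage work:  ", r["second_preimage_work"], "(~", r["expected_second_preimage"], "expected)")
    print("HMAC tags differ:      ", r["hmac_tags_differ"])
```

Running it with 20 bits typically shows the collision in around a thousand evaluations and the second preimage in around a million, which is the gap between the 2^52 collision figure in the subject line and the second-preimage cost a TLS MAC actually depends on; the final line shows that the colliding pair yields distinct HMAC tags.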
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com