[144424] in cryptography@c2.net mail archive
Re: SHA-1 collisions now at 2^{52}?
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed May 6 11:04:03 2009
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: perry@piermont.com, pgut001@cs.auckland.ac.nz
Cc: cryptography@metzdowd.com, ggr@qualcomm.com
In-Reply-To: <87ws8zwoyq.fsf@snark.cb.piermont.com>
Date: Thu, 07 May 2009 03:00:50 +1200
"Perry E. Metzger" <perry@piermont.com> writes:
>Home routers and other equipment last for years. If we slowly roll out
>various protocol and system updates now, then in a number of years, when we
>find ourselves with real trouble, a lot of them will already be updated
>because new ones won't have issues.
I'm not really sure if it works that way. From my experience with SSH in
routers [0] I'd say it's more like:
Binary images in routers last years. If we deploy first-cut, buggy
implementations of new protocols now, we'll have to support the bugs in a
backwards-compatible manner for the rest of eternity.
That is, in the absence of widely-deployed, mature implementations to test
against, router vendors will (if they were to ship with this right now) deploy
pre-alpha quality code that would then be frozen for the rest of eternity. I
have to maintain support for ten-year-old SSH bugs in my code because of ports
to... well, unnamed vendors' systems done a decade or so back that never get
touched again once the initial version got to the point where it would respond
to a packet. So if vendors are going to bake things into firmware (which
includes firmware images that never get updated, more or less the same thing)
then I'd prefer they hold on a bit until it's certain they've got somewhat
more mature code.
Peter.
[0] Implementations of this are easier to date than SSL, and also a lot
buggier so there's more to watch out for.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
