[17024] in cryptography@c2.net mail archive


Re: [IP] One cryptographer's perspective on the SHA-1 result

daemon@ATHENA.MIT.EDU (james hughes)
Sun Mar 6 14:46:35 2005

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <42286F54.12746.16BD42@localhost>
Cc: james hughes <hughejp@mac.com>
From: james hughes <hughejp@mac.com>
Date: Sun, 6 Mar 2005 14:30:24 -0500
To: cryptography@metzdowd.com


On Mar 4, 2005, at 5:23 PM, James A. Donald wrote:
> The attacks on MD*/SHA* are weak and esoteric.

On this we respectfully disagree.

You make it sound trivial. Wang has been working on these results for 
over 10 years. She received the largest applause at the Crypto 2004 session 
from her peers that I have ever seen.

> It is not so fundamentally broken as to justify starting over.

On this I agree.

My recommendation for anyone that listens to (nobody) me is to abandon 
the MD series and SHA algorithms below SHA-256 for everything including 
certificates, pgp and even HMAC. But these are my inclinations. I would 
rather migrate to stronger crypto than have to continually justify why 
I continue to use algorithms that have known weaknesses.

$0.02

>     --digsig
>          James A. Donald
>      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
>      QVYtFQAELN4YlZ9xB60CvXTqW8QT8rOABMbJrPXE
>      4hz2qo1jnDwc3tmFFeyh6lG9sOrXL1783FYSh2s+v

What software do you use for this? Is it ECC or RSA?

Thanks

jim



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
