[102156] in North American Network Operators' Group
RE: potential hazards of Protect-America act
daemon@ATHENA.MIT.EDU (Frank Bulk)
Tue Jan 29 22:38:27 2008
Reply-To: <frnkblk@iname.com>
From: "Frank Bulk" <frnkblk@iname.com>
To: "'Steven M. Bellovin'" <smb@cs.columbia.edu>
Cc: <michael.dillon@bt.com>, <nanog@nanog.org>
Date: Tue, 29 Jan 2008 21:35:39 -0600
In-Reply-To: <20080130031235.39e41c4e@cs.columbia.edu>
Errors-To: owner-nanog@merit.edu
I think I need to eat crow on the MD5 comment -- I was confused with SHA,
which although has been attacked, is still holding up:
http://www.schneier.com/blog/archives/2007/01/sha1_cracked.html
Frank
-----Original Message-----
From: Steven M. Bellovin [mailto:smb@cs.columbia.edu]
Sent: Tuesday, January 29, 2008 9:13 PM
To: frnkblk@iname.com
Cc: michael.dillon@bt.com; nanog@nanog.org
Subject: Re: potential hazards of Protect-America act
On Tue, 29 Jan 2008 20:28:05 -0600
"Frank Bulk" <frnkblk@iname.com> wrote:
>
> Pretty good in the generalities, but there are few finer technical
> points that could be been precisely and accurately stated. One that
> comes to mind was the MD5 reference, another was the "50% loss" when
> talking about performing an optical split.
>
Speaking as one of the authors, we did our best. (But what do you mean
about MD5? That was taken straight from the FOIAed FBI documents, and
from conversations with people in law enforcement I'm quite certain
that MD5 is still used -- inappropriately! -- in sensitive places.)
--Steve Bellovin, http://www.cs.columbia.edu/~smb
