It also is not going to be trivial to do this -- but it is now in the
realm of possibility.


I'm not being entirely a smartass when I say that it's always in the realm of possibility. The nominal probability for SHA-1 -- either 2^80 or 2^160 depending on context -- is a positive number. It's small, but it's always possible.

The recent case of cert collisions happened because of two errors, hash problems and sequential serial numbers. If either had been corrected, the problem wouldn't have happened.

I liken it in analogy to a fender-bender that happened because the person responsible had both worn-out brakes (an easily-fixable technological problem) and was tailgating (an easily-fixable suboptimal operational policy). It's a mistake to blame the wreck on either. It's enlightening to point out that either a good policy or a more timely upgrade schedule would have made the problem not occur.

The problem right now is not that MD5, SHA1, etc. are broken. It is that they are broken in ways that you have to be an expert to understand and even the experts get into entertaining debates about. Any operational expert worth their salt should run screaming from a technology that the boffins have debates about flaws over dinner.

        Jon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
