On Thu, Apr 30, 2009 at 11:07:31PM -0400, Perry E. Metzger wrote:

> Greg Rose <g...@qualcomm.com> writes:
> >> This is a very important result. The need to transition from SHA-1
> >> is no longer theoretical.
> >
> > It already wasn't theoretical... if you know what I mean. The writing
> > has been on the wall since Wang's attacks four years ago.
> Sure, but this should light a fire under people for things like TLS 1.2.

Perhaps, though the MAC in TLS cipher-suites needs just 2nd pre-image
resistance, not collision resistance. The collision resistance is more
relevant to X.509 authentication, and even there only when CA practices
are sub-optimal.

Yes, by all means, new hash functions, but let's not over-emphasize the
magnitude of the problem. This is not a SHA-1 pandemic...


The Cryptography Mailing List