Since the rest has been covered quite well, I will instead focus on the comparison of AES and SHA-0, RIPEM, MD5, etc.

----- Original Message ----- From: "Jerrold Leichter" <[EMAIL PROTECTED]>
Subject: Re: First quantum crypto bank transfer



Alternatively, how anyone can have absolute confidence in conventional crypto
in a week when a surprise attack appears against a widely-fielded primitive
like MD5 is beyond me. Is our certainty about AES's security really any
better today than our certainty about RIPEM - or even SHA-0 - was three
weeks ago?
-- Jerry

Actually, for years the cryptography community has been saying "retire MD5"; SHA-0 has been required to be replaced by SHA-1 for some time; and the RIPEM series is functionally speaking unused and represented the only real surprise. Except for RIPEM, there were known to be reasons for this: MD5 was known to be flawed, and SHA-0 was replaced because it was flawed (although knowledge of the nature of the flaw was hidden). Even with RIPEM (and SHA-1 for the same reason) I have plans in place (and have had for some time) to move away from 160-bit hashes to larger ones, so the attack on RIPEM had little effect on me and my clients. Even a full attack on SHA-1 would have little effect on the clients that actually listen (they all have backup plans that involve the rest of the SHA series and at the very least Whirlpool).


So basically I encourage my clients to maintain good business practices, which means that they don't need to have belief in the long-term security of AES, or SHA-1, or RSA, or ... This is just good business, and it is a process that evolved to deal with similar circumstances.
Joe



Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
