We all understand the need to move to better hash algorithms than SHA1. At a minimum, people should be switching to SHA256/384/512; arguably, Whirlpool is the right way to go. The problem is how to get there from here.
OpenSSL 0.9.7 doesn't even include anything stronger than SHA1. As a practical matter, this means that no one can use anything stronger in certificates, especially root certificates. Worse yet, people can't use anything stronger for public consumption for at least five years after a stronger hash algorithm is available -- we have to wait until most older software has died off, since most machines are never upgraded. This means that appearance of the code in client machines is on the critical path.

I've heard that OpenSSL 0.9.8 will include stronger hashes, but there's no work in progress to backport the code to 0.9.7.

So -- what should we as a community be doing now? There's no emergency on SHA1, but we do need to start, and soon.

--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
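One practical first step for the migration the post asks about is knowing which certificates in a store are still signed over SHA1. The following is an added example, not part of Bellovin's post or of OpenSSL: a stdlib-only Python walker over the outer DER layout of an X.509 certificate that reports the signature hash; the certificate it parses is a constructed skeleton (dummy tbsCertificate and signature), and the OID table covers only the RSA and ECDSA signature algorithms listed in it.

```python
# Added example, not from Bellovin's post: walk the outer DER layout of an X.509
# certificate, SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }, and
# report which hash the issuer signed with, so a certificate store can be audited
# for SHA1 signatures. Stdlib only; the input built below is a constructed skeleton.

SIG_ALG_OIDS = {                       # dotted OID -> (algorithm name, hash)
    "1.2.840.113549.1.1.5":  ("sha1WithRSAEncryption", "SHA1"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "SHA256"),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", "SHA384"),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", "SHA512"),
    "1.2.840.10045.4.1":     ("ecdsa-with-SHA1", "SHA1"),
    "1.2.840.10045.4.3.2":   ("ecdsa-with-SHA256", "SHA256"),
}
SHA1_RSA_OID = bytes.fromhex("2a864886f70d010105")     # DER body of 1.2.840.113549.1.1.5
SHA256_RSA_OID = bytes.fromhex("2a864886f70d01010b")   # DER body of 1.2.840.113549.1.1.11

def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(value):
    """Dotted form of an encoded OID: first byte packs two arcs, rest are base-128."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends an arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def signature_hash(cert_der):
    """Return (oid, algorithm name, hash) taken from Certificate.signatureAlgorithm."""
    _, cert, _ = _read_tlv(cert_der, 0)            # outer Certificate SEQUENCE
    _, _, pos = _read_tlv(cert, 0)                 # skip tbsCertificate
    _, alg_id, _ = _read_tlv(cert, pos)            # AlgorithmIdentifier SEQUENCE
    tag, oid_bytes, _ = _read_tlv(alg_id, 0)
    assert tag == 0x06, "signatureAlgorithm must start with an OBJECT IDENTIFIER"
    oid = _decode_oid(oid_bytes)
    return (oid,) + SIG_ALG_OIDS.get(oid, ("unknown", "unknown"))

def build_skeleton_cert(alg_oid_bytes):
    """Constructed input: Certificate SEQUENCE with a dummy tbsCertificate and signature."""
    tbs = b"\x30\x03\x02\x01\x02"                  # SEQUENCE { INTEGER 2 } stands in for tbsCertificate
    alg = b"\x30" + bytes([len(alg_oid_bytes) + 4]) + b"\x06" + bytes([len(alg_oid_bytes)]) + alg_oid_bytes + b"\x05\x00"
    sig = b"\x03\x02\x00\xaa"                      # BIT STRING placeholder signatureValue
    return b"\x30" + bytes([len(tbs + alg + sig)]) + tbs + alg + sig
```

On a real certificate, feed `signature_hash` the DER bytes (base64-decode the body of a PEM file first); any result whose third element is "SHA1" is a certificate that still depends on the hash the post wants retired.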