On Tue, 2008-12-30 at 11:51 -0800, "Hal Finney" wrote:

> Therefore the highest priority should be for the six bad CAs to change
> their procedures, at least start using random serial numbers and move
> rapidly to SHA1. As long as this happens before Eurocrypt or whenever
> the results end up being published, the danger will have been averted.
> This, I think, is the main message that should be communicated from this
> important result.
Nearly everything I've seen regarding the proposed solutions to this attack has involved migration to SHA-1. SHA-1 is scheduled to be decertified by NIST in 2010, and NIST has already recommended[1] moving away from SHA-1 to SHA-2 (256, 512, etc.). Collision attacks have already been demonstrated[2] against SHA-1 back in 2005, and if history tells us anything then things will only get worse for SHA-1 from here. By not moving directly to at least SHA-2 (until the winner of the NIST hash competition is known), these vendors are likely setting themselves up for similar attacks in the (relatively) near future.

[1] http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
[2] http://www.cryptography.com/cnews/hash.html

--
Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.
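The two things the thread asks CAs to fix, the signature hash and the predictability of serial numbers, can both be read straight out of a certificate's DER encoding. The following is an added example, not code from the thread or from any CA: a minimal DER walker that extracts the serial number and signature-algorithm OID from an X.509 certificate and flags MD5/SHA-1 signatures and short (e.g. sequential) serials. The 64-bit serial floor and the `stub_cert` builder (which fabricates only the leading tbsCertificate fields, with no real key or signature) are assumptions for illustration.

```python
OID_NAMES = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK_HASHES = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}

def read_tlv(buf, pos):  # (tag, value, next_pos) of the DER element at pos
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                          # long-form length: next n bytes
        n, ln = ln & 0x7F, 0
        for b in buf[pos:pos + n]:
            ln = (ln << 8) | b
        pos += n
    return tag, buf[pos:pos + ln], pos + ln
def decode_oid(raw):  # dotted string from OBJECT IDENTIFIER content bytes
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                   # last base-128 digit of this arc
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def cert_signature_info(der):
    """(serial as int, signature algorithm name) of a DER-encoded certificate."""
    _, cert, _ = read_tlv(der, 0)          # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)          # tbsCertificate SEQUENCE
    tag, val, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                        # optional [0] EXPLICIT version
        tag, val, pos = read_tlv(tbs, pos)
    serial = int.from_bytes(val, "big", signed=True)
    _, alg, _ = read_tlv(tbs, pos)         # signature AlgorithmIdentifier
    _, oid, _ = read_tlv(alg, 0)
    return serial, OID_NAMES.get(decode_oid(oid), decode_oid(oid))

def audit(der, min_serial_bits=64):
    """Findings for one cert; the 64-bit serial floor is an assumed policy value."""
    serial, alg = cert_signature_info(der)
    findings = []
    if alg in WEAK_HASHES:
        findings.append(f"weak signature hash: {alg}")
    if serial.bit_length() < min_serial_bits:   # small/sequential serials
        findings.append(f"serial has at most {serial.bit_length()} bits of entropy")
    return findings
def tlv(tag, body):  # short-form DER encoder, enough for the stub below
    return bytes([tag, len(body)]) + body
def stub_cert(serial_bytes, oid_hex):  # constructed stub: leading TBS fields only
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial_bytes) + alg)
    return tlv(0x30, tbs)
```

`audit(stub_cert(b"\x01\x02\x03", "2a864886f70d010104"))` models the pattern the thread complains about (a small sequential serial under an MD5 signature) and reports both findings; a 64-bit random serial under `sha256WithRSAEncryption` reports none.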