On Thu, Apr 30, 2009 at 11:07:31PM -0400, Perry E. Metzger wrote:

>
> Greg Rose <g...@qualcomm.com> writes:
> >> This is a very important result. The need to transition from SHA-1
> >> is no longer theoretical.
> >
> > It already wasn't theoretical... if you know what I mean. The writing
> > has been on the wall since Wang's attacks four years ago.
>
> Sure, but this should light a fire under people for things like TLS 1.2.

Perhaps, though the MAC in TLS cipher-suites needs just 2nd pre-image resistance, not collision resistance. The collision resistance is more relevant to X.509 authentication, and even there only when CA practices are sub-optimal.

Yes, by all means, new hash functions, but let's not over-emphasize the magnitude of the problem. This is not a SHA-1 pandemic...

--
Viktor.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
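
The distinction drawn in the reply above, as an added example that is not part of the original message: a signature that covers only a digest is valid for any colliding message, while a keyed MAC tag does not carry over to the colliding message. Assumptions: `weak_hash` (SHA-1 truncated to 32 bits so a collision can be found in seconds), `sign_digest` (a stand-in for a CA signature) and all sample messages and keys are constructed for illustration.

```python
import hashlib
from itertools import count

BLOCK = 64  # SHA-1 block size in bytes, reused for the toy HMAC


def weak_hash(data: bytes) -> bytes:
    """Toy hash (assumption): SHA-1 truncated to 32 bits so collisions are cheap."""
    return hashlib.sha1(data).digest()[:4]


def find_collision() -> tuple[bytes, bytes]:
    """Birthday search: two distinct constructed messages with equal weak_hash."""
    seen = {}
    for i in count():
        msg = b"constructed-cert-body-%d" % i
        digest = weak_hash(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg


def toy_hmac(key: bytes, msg: bytes) -> bytes:
    """HMAC construction (RFC 2104) instantiated with weak_hash."""
    key = key.ljust(BLOCK, b"\0")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return weak_hash(opad + weak_hash(ipad + msg))


def sign_digest(msg: bytes) -> bytes:
    """Stand-in for a CA signature: it covers only the digest of the message."""
    return b"SIG(" + weak_hash(msg) + b")"


def demo() -> dict:
    m1, m2 = find_collision()
    key = b"constructed-secret-mac-key"  # unknown to whoever searched for m1, m2
    return {
        "distinct": m1 != m2,
        "hash_collides": weak_hash(m1) == weak_hash(m2),
        # The signature over m1 verifies for m2: collision resistance matters.
        "signature_transfers": sign_digest(m1) == sign_digest(m2),
        # The tag for m1 is not the tag for m2: the key is mixed in before hashing.
        "mac_transfers": toy_hmac(key, m1) == toy_hmac(key, m2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
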