It also is not going to be trivial to do this -- but it is now in the
realm of possibility.

I'm not being entirely a smartass when I say that it's always in the realm of possibility. The nominal probability for SHA-1 -- either 2^80 or 2^160 depending on context -- is a positive number. It's small, but it's always possible.

The recent case of cert collisions happened because of two errors, hash problems and sequential serial numbers. If either had been corrected, the problem wouldn't have happened.

I liken in in analogy to a fender-bender that happened because the person responsible had both worn-out brakes (an easily-fixable technological problem) and was tailgating (an easily-fixable suboptimal operational policy). It's a mistake to blame the wreck on either. It's enlightening to point out that either a good policy or a more timely upgrade schedule would have made the problem not occur.

The problem right now is not that MD5, SHA1, etc. are broken. It is that they are broken in ways that you have to be an expert to understand and even the experts get into entertaining debates about. Any operational expert worth their salt should run screaming from a technology that the boffins have debates about flaws over dinner.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to