lance james <> writes:
> stupid question - does this affect IPSec realistically as well?

IPSec and IPSec related protocols like IKE use SHA-1 in various
places. Whether those actually could be attacked using the known
weaknesses in SHA-1 would require detailed examination of the individual

In general, uses that require only preimage resistance are not yet at
risk; those that require collision resistance are. However, as has been
seen in the MD5-based fake CA attack, sufficiently clever people can
sometimes come up with ways to turn something that appears to depend on
preimage resistance into something that really only depends on collision

This is all another way of saying "no reason to panic, but moving to
things that use SHA-2 instead of SHA-1 would be a good idea".


The Cryptography Mailing List