> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Thomas J. Hruska > Sent: Tuesday, March 08, 2005 12:34 PM > To: [email protected] > Subject: Re: The breaking of SHA1 > > > I'm actually more favorably disposed towards using a non-MD4 lookalike. > SHAx looks and feels too much like MD4/MD5. Unfortunately, > not very many > cryptographic hashes exist that haven't been broken in some way. > Development of cryptographic hashes pretty much halted back in > late 1999. >
All that most people want is encryption that is "pretty much unbreakable for most people" The 56 bit DES and other weak and crackable algorithms are enough to keep the casual cracker out like the 15 year old kid. 3DES with a bad randomizer generating keys is good enough to block your criminal types wanting to steal credit card #s. None of these present much of an obstacle to governments, but most people aren't worried if the government can spy on their data. Oh, they will give lip service readily enough, but when it comes to putting their money where their mouths are, espically if that means switching to different application that uses a better algorithm, most of them won't switch. Nor will they pay a royalty to use a completely secure algorithm when a free and less secure one is available. Ted ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
