Sandy Harris sandyinch...@gmail.com writes:
Yes, but that paper is over ten years old. In the meanwhile, disk designs and
perhaps encoding schemes have changed, journaling file systems have become
much more common and, for all I know the attack technology may have changed
too.
It's nearly
Perry E. Metzger pe...@piermont.com writes:
Greg Rose g...@qualcomm.com writes:
It already wasn't theoretical... if you know what I mean. The writing
has been on the wall since Wang's attacks four years ago.
Sure, but this should light a fire under people for things like TLS 1.2.
Why?
Subject says it all, does anyone know of a public, commercial CA (meaning one
baked into a browser or the OS, including any sub-CA's hanging off the roots)
ever having their certificate revoked? An ongoing private poll hasn't turned
up anything, but perhaps others know of instances where this
Peter Gutmann pgut...@cs.auckland.ac.nz writes:
Perry E. Metzger pe...@piermont.com writes:
Greg Rose g...@qualcomm.com writes:
It already wasn't theoretical... if you know what I mean. The writing
has been on the wall since Wang's attacks four years ago.
Sure, but this should light a fire
At Sat, 02 May 2009 21:53:40 +1200,
Peter Gutmann wrote:
Perry E. Metzger pe...@piermont.com writes:
Greg Rose g...@qualcomm.com writes:
It already wasn't theoretical... if you know what I mean. The writing
has been on the wall since Wang's attacks four years ago.
Sure, but this should
On May 2, 2009, at 5:53, Peter Gutmann wrote:
Perry E. Metzger pe...@piermont.com writes:
Greg Rose g...@qualcomm.com writes:
It already wasn't theoretical... if you know what I mean. The
writing
has been on the wall since Wang's attacks four years ago.
Sure, but this should light a fire
At Sat, 2 May 2009 15:00:36 -0400,
Matt Blaze wrote:
The serious concern here seems to me not to be that this particular
weakness is a last straw wedge that enables some practical attack
against some particular protocol -- maybe it is and maybe it isn't.
What worries me is that SHA-1 has been
It also is not going to be trivial to do this -- but it is now in the
realm of possibility.
I'm not being entirely a smartass when I say that it's always in the
realm of possibility. The nominal probability for SHA-1 -- either 2^80
or 2^160 depending on context -- is a positive number.