- Original Message -
From: Steven M. Bellovin
Subject: how to phase in new hash algorithms?
We all understand the need to move to better hash algorithms than SHA1.
At a minimum, people should be switching to SHA256/384/512; arguably,
Whirlpool is the right way to go.
| if a re-issued new token/card (to replace a lost/stolen token/card) is
| identical to the lost/stolen token/card ... then it is likely that there is no
| something-you-have authentication involved (even though a token/card is
| involved in the process) ... and therefore the infrastructure is just
Hi,
Ian G wrote:
Steven M. Bellovin wrote:
So -- what should we as a community be doing now? There's no
emergency on SHA1, but we do need to start, and soon.
The wider question is how to get moving on new hash
algorithms. That's a bit tricky.
Normally we'd look to see NIST or the NESSIE guys
It was suggested at the SAAG meeting at the Minneapolis IETF that a way
to deal with weaknesses in hash functions was to create a new hash
function from the old one like so:
H'(x)=Random || H(Random || x)
However, this allows an attacker to play with Random (the advice I've
seen is that if one is
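The H'(x) = Random || H(Random || x) construction above, written out as an added example (not code from the thread). It assumes a fixed-length 32-byte Random so that the Random and digest parts of the output parse unambiguously, and that the party computing the hash picks Random itself rather than accepting one supplied by someone else.

```python
import hashlib
import hmac
import os
from typing import Optional

R_LEN = 32  # assumption: fixed-length Random so R || digest splits without a delimiter


def randomized_hash(x: bytes, r: Optional[bytes] = None, algo: str = "sha256") -> bytes:
    """Return H'(x) = R || H(R || x).

    R is drawn fresh by the hasher for every message; the optional r
    parameter exists only so tests can reproduce a known output.
    """
    if r is None:
        r = os.urandom(R_LEN)
    if len(r) != R_LEN:
        raise ValueError("Random must be exactly R_LEN bytes")
    return r + hashlib.new(algo, r + x).digest()


def verify_randomized_hash(x: bytes, tag: bytes, algo: str = "sha256") -> bool:
    """Recompute H(R || x) from the R carried in tag and compare in constant time."""
    digest_size = hashlib.new(algo).digest_size
    if len(tag) != R_LEN + digest_size:
        return False  # malformed: wrong length for this hash function
    r, digest = tag[:R_LEN], tag[R_LEN:]
    return hmac.compare_digest(hashlib.new(algo, r + x).digest(), digest)


if __name__ == "__main__":
    msg = b"constructed sample message"
    tag = randomized_hash(msg)
    # The same x hashed twice yields different tags because R differs each time,
    # which is what stops precomputed collisions against the bare H(x).
    print(tag.hex(), randomized_hash(msg).hex())
    print(verify_randomized_hash(msg, tag))
```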