RE: MD5 considered harmful today, SHA-1 considered harmful tomorrow

2009-01-17 Thread Peter Gutmann
Weger, B.M.M. de b.m.m.d.we...@tue.nl writes: Bottom line, anyone fielding a SHA-2 cert today is not going=20 to be happy with their costly pile of bits. Will this situation have changed by the end of 2010 (that's next year, by the way), when everybody who takes NIST seriously will have to

RE: MD5 considered harmful today, SHA-1 considered harmful tomorrow

2009-01-17 Thread Weger, B.M.M. de
Hi Peter, I have a general outline of a timeline for adoption of new crypto mechanisms (e.g. OAEP, PSS, that sort of thing, and not specifically algorithms) in my Crypto Gardening Guide and Planting Tips, http://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_guide.txt, see Question J I had

Re: MD5 considered harmful today, SHA-1 considered harmful tomorrow

2009-01-17 Thread Marcus Brinkmann
Weger, B.M.M. de wrote: In my view, the main lesson that the information security community, and in particular its intersection with the application building community, has to learn from the recent MD5 and SHA-1 history, is that strategies for dealing with broken crypto need rethinking. On

Re: What risk is being defended against here?

2009-01-17 Thread Florian Weimer
* Jerry Leichter: Any speculations (beyond bureaucracy at its finest)? I wild guess would be fraudulent testing organizations which claim to have been subject to fraud themselves, and the testing standards body answered with some sort of regulation. (For certain German language test instances

Re: [Opensim-dev] Technical assessment of Cable Beach asset server

2009-01-17 Thread Eugen Leitl
From: Toni Alatalo ant...@kyperjokki.fi Subject: Re: [Opensim-dev] Technical assessment of Cable Beach asset server To: opensim-...@lists.berlios.de Date: Thu, 15 Jan 2009 18:47:00 +0200 Reply-To: opensim-...@lists.berlios.de Eugen Leitl kirjoitti: On Thu, Jan 15, 2009 at 02:10:13PM +0900, Mike

Re: Bitcoin v0.1 released

2009-01-17 Thread Satoshi Nakamoto
Dustin D. Trammell wrote: Satoshi Nakamoto wrote: You know, I think there were a lot more people interested in the 90's, but after more than a decade of failed Trusted Third Party based systems (Digicash, etc), they see it as a lost cause. I hope they can make the distinction that this

Re: MD5 considered harmful today, SHA-1 considered harmful tomorrow

2009-01-17 Thread Steven M. Bellovin
On Mon, 12 Jan 2009 16:05:08 +1300 pgut...@cs.auckland.ac.nz (Peter Gutmann) wrote: Weger, B.M.M. de b.m.m.d.we...@tue.nl writes: Bottom line, anyone fielding a SHA-2 cert today is not going=20 to be happy with their costly pile of bits. Will this situation have changed by the end of

Re: Bitcoin v0.1 released

2009-01-17 Thread Jonathan Thornburg
On Sat, 17 Jan 2009, Satoshi Nakamoto wrote: [[various possible uses of Bitcoin et al]] Once it gets bootstrapped, there are so many applications if you could effortlessly pay a few cents to a website as easily as dropping coins in a vending machine. In the modern world, no major government