lance james lan...@securescience.net writes:
stupid question - does this affect IPSec realistically as well?
IPSec and IPSec related protocols like IKE use SHA-1 in various
places. Whether those actually could be attacked using the known
weaknesses in SHA-1 would require detailed examination of
Quoting Perry E. Metzger pe...@piermont.com:
Ray Dillinger b...@sonic.net writes:
I cannot derive a realistic threat model from the very general
statements in the slides.
(BTW, you mean threat, not threat *model*, in this instance.)
As just one obvious example of a realistic threat,
On Sat, May 2, 2009 at 12:33 PM, Perry E. Metzger pe...@piermont.com wrote:
As just one obvious example of a realistic threat, consider that there
are CAs that will happily sell you certificates that use SHA-1.
Various clever forgery attacks have been used against certs that use
MD5, see:
On Sun, May 3, 2009 at 4:35 PM, Christian Rechberger
christian.rechber...@tugraz.at wrote:
The design of DES facilitates this kind of throughput/cost gains on FPGAs.
Remember that the MD4 family (incl. SHA-1) was designed to be efficient on
32-bit CPUs. For these hash functions, it is much
On Sat, May 2, 2009 at 12:33 PM, Perry E. Metzger pe...@piermont.com wrote:
As just one obvious example of a realistic threat, consider that there
are CAs that will happily sell you certificates that use SHA-1.
Various clever forgery attacks have been used against certs that use
MD5, see:
It also is not going to be trivial to do this -- but it is now in the
realm of possibility.
I'm not being entirely a smartass when I say that it's always in the
realm of possibility. The nominal probability for SHA-1 -- either 2^80
or 2^160 depending on context -- is a positive number.
On Thu, 2009-04-30 at 13:56 +0200, Eugen Leitl wrote:
http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
Wow! These slides say that they discovered a way to find collisions
in SHA-1 at a cost of only 2^52 computations. If this turns out to
be right (and the authors
Ray Dillinger b...@sonic.net writes:
I cannot derive a realistic threat model from the very general
statements in the slides.
(BTW, you mean threat, not threat *model*, in this instance.)
As just one obvious example of a realistic threat, consider that there
are CAs that will happily sell
Perry E. Metzger pe...@piermont.com writes:
For example, Verisign has lots of cert infrastructure right now that
uses SHA-1. Imagine if I now use the above described attack and start
forging certs that look to all the world like they're from Verisign and
claim that I'm a major bank, or to
From: Zooko O'Whielacronx zo...@zooko.com
Subject: [tahoe-dev] SHA-1 broken! (was: Request for hash-dependency in
Tahoe security.)
To: nejuc...@gmail.com, tahoe-...@allmydata.org
Date: Wed, 29 Apr 2009 15:59:05 -0600
Reply-To: tahoe-...@allmydata.org
On Apr 29, 2009, at 11:51 AM, Nathan
10 matches