Steven M. Bellovin wrote:
We all understand the need to move to better hash algorithms than SHA1.
At a minimum, people should be switching to SHA256/384/512; arguably,
Whirlpool is the right way to go. The problem is how to get there from
here.
I've been rather continually pinging people,
Steven M. Bellovin [EMAIL PROTECTED] writes:
We all understand the need to move to better hash algorithms than SHA1. At a
minimum, people should be switching to SHA256/384/512; arguably, Whirlpool is
the right way to go. The problem is how to get there from here.
So -- what should we as a
- Original Message -
From: Steven M. Bellovin [EMAIL PROTECTED]
Subject: how to phase in new hash algorithms?
We all understand the need to move to better hash algorithms than SHA1.
At a minimum, people should be switching to SHA256/384/512; arguably,
Whirlpool is the right way to go
Hi,
Ian G wrote:
Steven M. Bellovin wrote:
So -- what should we as a community be doing now? There's no
emergency on SHA1, but we do need to start, and soon.
The wider question is how to get moving on new hash
algorithms. That's a bit tricky.
Normally we'd look to see NIST or the NESSIE guys
We all understand the need to move to better hash algorithms than SHA1.
At a minimum, people should be switching to SHA256/384/512; arguably,
Whirlpool is the right way to go. The problem is how to get there from
here.
OpenSSL 0.9.7 doesn't even include anything stronger than SHA1. As a
Steven M. Bellovin wrote:
So -- what should we as a community be doing now? There's no emergency
on SHA1, but we do need to start, and soon.
The wider question is how to get moving on new hash
algorithms. That's a bit tricky.
Normally we'd look to see NIST or the NESSIE guys
lead a competition.