lance james writes:
> stupid question - does this effect IPSec realistically as well?
IPSec and IPSec related protocols like IKE use SHA-1 in various
places. Whether those actually could be attacked using the known
weaknesses in SHA-1 would require detailed examination of the individual
protocol
On Sun, May 3, 2009 at 4:35 PM, Christian Rechberger
wrote:
> The design of DES facilitates this kind of throughput/cost gains on FPGAs.
>
> Remember that the MD4 family (incl. SHA-1) was designed to be efficient on
> 32-bit CPUs. For these hash functions, it is much harder to get a
> throughput/c
On Sat, May 2, 2009 at 12:33 PM, Perry E. Metzger wrote:
As just one obvious example of a realistic threat, consider that there
are CAs that will happily sell you certificates that use SHA-1.
Various clever forgery attacks have been used against certs that use
MD5, see:
http://www.win.tue.nl/
Quoting "Perry E. Metzger" :
Ray Dillinger writes:
I cannot derive a realistic threat model from the very general
statements in the slides.
(BTW, you mean threat, not threat *model*, in this instance.)
As just one obvious example of a realistic threat, consider that there
are CAs that will
On Sat, May 2, 2009 at 12:33 PM, Perry E. Metzger wrote:
> As just one obvious example of a realistic threat, consider that there
> are CAs that will happily sell you certificates that use SHA-1.
>
> Various clever forgery attacks have been used against certs that use
> MD5, see:
>
> http://www.w
It also is not going to be trivial to do this -- but it is now in the
realm of possibility.
I'm not being entirely a smartass when I say that it's always in the
realm of possibility. The nominal probability for SHA-1 -- either 2^80
or 2^160 depending on context -- is a positive number. It'
"Perry E. Metzger" writes:
> For example, Verisign has lots of cert infrastructure right now that
> uses SHA-1. Imagine if I now use the above described attack and start
> forging certs that look to all the world like they're from Verisign and
> claim that I'm a major bank, or to forge a CA that
Ray Dillinger writes:
> I cannot derive a realistic threat model from the very general
> statements in the slides.
(BTW, you mean threat, not threat *model*, in this instance.)
As just one obvious example of a realistic threat, consider that there
are CAs that will happily sell you certificate
On Thu, 2009-04-30 at 13:56 +0200, Eugen Leitl wrote:
> > http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
> Wow! These slides say that they discovered a way to find collisions
> in SHA-1 at a cost of only 2^52 computations. If this turns out to
> be right (and the aut
From: Zooko O'Whielacronx
Subject: [tahoe-dev] SHA-1 broken! (was: Request for hash-dependency in
Tahoe security.)
To: nejuc...@gmail.com, tahoe-...@allmydata.org
Date: Wed, 29 Apr 2009 15:59:05 -0600
Reply-To: tahoe-...@allmydata.org
On Apr 29, 2009, at 11:51 AM, Nathan wrote:
&
10 matches
Mail list logo