Re: how to phase in new hash algorithms?

2005-03-25 Thread Dan Kaminsky
Steven M. Bellovin wrote: We all understand the need to move to better hash algorithms than SHA1. At a minimum, people should be switching to SHA256/384/512; arguably, Whirlpool is the right way to go. The problem is how to get there from here. I've been rather continually pinging people,

Re: how to phase in new hash algorithms?

2005-03-25 Thread Peter Gutmann
Steven M. Bellovin [EMAIL PROTECTED] writes: We all understand the need to move to better hash algorithms than SHA1. At a minimum, people should be switching to SHA256/384/512; arguably, Whirlpool is the right way to go. The problem is how to get there from here. So -- what should we as a

Re: how to phase in new hash algorithms?

2005-03-21 Thread Joseph Ashwood
- Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] Subject: how to phase in new hash algorithms? We all understand the need to move to better hash algorithms than SHA1. At a minimum, people should be switching to SHA256/384/512; arguably, Whirlpool is the right way to go

Re: how to phase in new hash algorithms?

2005-03-21 Thread Bart Preneel
As ex-NESSIE project manager: NESSIE was an EU-funded research project with funding for 40 months (2000-2003). The NESSIE guys still exist as individual organizations but the NESSIE project is no longer in existence. There is a follow-up, but with somewhat different goals, called ECRYPT

Re: how to phase in new hash algorithms?

2005-03-21 Thread Christopher Wolf
Hi, Ian G wrote: Steven M. Bellovin wrote: So -- what should we as a community be doing now? There's no emergency on SHA1, but we do need to start, and soon. The wider question is how to get moving on new hash algorithms. That's a bit tricky. Normally we'd look to see NIST or the NESSIE guys

how to phase in new hash algorithms?

2005-03-20 Thread Steven M. Bellovin
We all understand the need to move to better hash algorithms than SHA1. At a minimum, people should be switching to SHA256/384/512; arguably, Whirlpool is the right way to go. The problem is how to get there from here. OpenSSL 0.9.7 doesn't even include anything stronger than SHA1. As a

Re: how to phase in new hash algorithms?

2005-03-20 Thread Ian G
Steven M. Bellovin wrote: So -- what should we as a community be doing now? There's no emergency on SHA1, but we do need to start, and soon. The wider question is how to get moving on new hash algorithms. That's a bit tricky. Normally we'd look to see NIST or the NESSIE guys lead a competition.