Re: Certainty

2009-08-21 Thread james hughes
Caution, the following contains a rant. On Aug 19, 2009, at 3:28 PM, Paul Hoffman wrote: I understand that creaking is not a technical cryptography term, but certainly is. When do we become certain that devastating attacks on one feature of hash functions (collision resistance) have any

Re: Certainty

2009-08-21 Thread Greg Rose
On 2009 Aug 19, at 3:28 , Paul Hoffman wrote: At 5:28 PM -0400 8/19/09, Perry E. Metzger wrote: I believe attacks on Git's use of SHA-1 would require second pre- image attacks, and I don't think anyone has demonstrated such a thing for SHA-1 at this point. None the less, I agree that it

Re: Certainty

2009-08-21 Thread John Gilmore
Getting back towards topic, the hash function employed by Git is showing signs of bitrot, which, given people's desire to introduce malware backdoors and legal backdoors into Linux, could well become a problem in the very near future. James A. Donald I believe attacks

Re: Client Certificate UI for Chrome? [OT anonymous-transaction bull***t]

2009-08-21 Thread Ray Dillinger
[Moderator's note: this is getting a bit off topic, and I'd prefer to limit followups. --Perry] On Wed, 2009-08-19 at 06:23 +1000, James A. Donald wrote: Ray Dillinger wrote: If there is not an existing relationship (first time someone uses an e-tailer) then there has to be a key

Re: Client Certificate UI for Chrome? -- OT anonymous-transaction

2009-08-21 Thread Anne Lynn Wheeler
On 08/20/09 00:11, Ray Dillinger wrote: No. This juvenile fantasy is complete and utter nonsense, and I've heard people repeating it to each other far too often. If you repeat it to each other too often you run the risk of starting to believe it, and it will only get you in trouble. This is a