On Wed Nov 21 23:34:40 2007, Boyd Fletcher wrote:
> SHA-1 is no longer cryptographically sound. We should be using the SHA-2
> class of hashes and probably set SHA-256 as the minimum.
No, we shouldn't. MD5 is perfectly cryptographically sound for this
work, let alone SHA-1. There is a huge - and significant - difference
between a second preimage attack and a collision.
On 11/21/07 6:22 PM, "Joe Hildebrand" <[EMAIL PROTECTED]> wrote:
> Are we realistically *ever* going to define a new hash algorithm?
> Imagine the breakage that would ensue.
>
Well, maybe. We need to ensure that clients know what to do when
faced with a new, and possibly unknown, hash.
As for ever changing it, if a technique for mounting a second
preimage attack actually becomes available, then we'll have to.
> This reminds me, though, that if we don't specify hash, the v
> attribute cannot be optional for new caps; otherwise receivers won't
> know whether this is an old or new caps declaration.
That too. :-)
Dave.
--
Dave Cridland - mailto:[EMAIL PROTECTED] - xmpp:[EMAIL PROTECTED]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
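
The distinction drawn in the message above between a collision and a second preimage, shown as an added example that is not part of the original thread: it runs both searches against SHA-256 truncated to 16 bits and counts the tries each one needs. The 16-bit truncation, the function names and the input strings are assumptions constructed for the illustration so that both searches finish quickly.

```python
import hashlib
from itertools import count

BITS = 16  # assumption: toy digest size, small enough to search in under a second

def toy_hash(data: bytes) -> int:
    """SHA-256 truncated to BITS bits (a constructed toy, not a real caps hash)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - BITS)

def candidates():
    """Deterministic stream of distinct constructed inputs."""
    for i in count():
        yield b"feature-set-%d" % i

def find_collision():
    """Collision: ANY two distinct inputs with equal digests; both are free choices."""
    seen = {}
    for tries, msg in enumerate(candidates(), 1):
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg

def find_second_preimage(target: bytes):
    """Second preimage: a different input matching a digest fixed in advance."""
    want = toy_hash(target)
    for tries, msg in enumerate(candidates(), 1):
        if msg != target and toy_hash(msg) == want:
            return msg, tries

if __name__ == "__main__":
    a, b, c_tries = find_collision()
    victim = b"constructed victim feature list"
    m, p_tries = find_second_preimage(victim)
    # Birthday bound: a collision is expected after roughly 2^(BITS/2) tries.
    print(f"collision {a!r} / {b!r} after {c_tries} tries")
    # Matching one fixed digest is expected to take roughly 2^BITS tries.
    print(f"second preimage {m!r} after {p_tries} tries")
```

For an n-bit digest the same gap is roughly 2^(n/2) work for a collision against 2^n for a second preimage, which is why a collision result against a hash does not by itself give an attacker a match for a value someone else has already published.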