Karthikeyan Bhargavan <karthik.bharga...@gmail.com> writes:

>Coming back to digital signatures, all uses of weak hash functions are
>essentially broken.

Not necessarily. Uses of weak hash functions where the attacker has time to do offline precomputations/calculations are essentially broken. I'm not saying "keep on using MD5", but unless your attacker can find collisions in real time you're still OK while you take time to switch to SHA-2 or whatever.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls