On Friday, 3 May 2019 16:56:54 CEST Martin Rex wrote: > Hubert Kario <[email protected]> wrote: > > We've been over this Martin, the theoretical research shows that for > > Merkle- Damgård functions, combining them doesn't increase their security > > significantly. > > You are completely misunderstanding the results. > > The security is greatly increased! > > Nobody is afraid of the exhaustive search preimage attacks. > > What folks with a little crypto clue are afraid of is > significantly-faster-than-exhaustive-search real-time preimage attacks. > And this is where > > TLSv1.0 + TLSv1.1 (rsa,SHA1+MD5) > > is *significantly* stronger than > > TLSv1.2 (rsa,MD5) *cough* -- which a depressingly high number of clueless > implementers actually implemented, see SLOTH > TLSv1.2 (rsa,SHA1) > > > That is also trivially formally provable.
I'm eagerly waiting on your published paper on the topic. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
