[142103] in cryptography@c2.net mail archive
MD5 considered harmful today, SHA-1 considered harmful tomorrow
daemon@ATHENA.MIT.EDU (Dustin D. Trammell)
Fri Jan 9 20:06:10 2009
From: "Dustin D. Trammell" <dtrammell@breakingpoint.com>
To: cryptography <cryptography@metzdowd.com>
In-Reply-To: <20081230195106.52DEA14F6E1@finney.org>
Date: Thu, 08 Jan 2009 18:23:47 -0600
On Tue, 2008-12-30 at 11:51 -0800, "Hal Finney" wrote:
> Therefore the highest priority should be for the six bad CAs to change
> their procedures, at least start using random serial numbers and move
> rapidly to SHA1. As long as this happens before Eurocrypt or whenever
> the results end up being published, the danger will have been averted.
> This, I think, is the main message that should be communicated from this
> important result.
Nearly everything I've seen regarding the proposed solutions to this
attack has involved migration to SHA-1. SHA-1 is scheduled to be
decertified by NIST in 2010, and NIST has already recommended[1] moving
away from SHA-1 to SHA-2 (256, 512, etc.). Collision attacks have
already been demonstrated[2] against SHA-1 back in 2005, and if history
tells us anything then things will only get worse for SHA-1 from here.
By not moving directly to at least SHA-2 (until the winner of the NIST
hash competition is known), these vendors are likely setting themselves
up for similar attacks in the (relatively) near future.
[1] http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html
[2] http://www.cryptography.com/cnews/hash.html
-- 
Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.
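The two mitigations argued over in this thread (unpredictable serial numbers and a signature hash stronger than MD5 or SHA-1) as a defender-side certificate check. This is an added example, not code from the original message or from either author; it uses no third-party libraries, and the certificates it inspects are constructed, truncated samples.

```python
# Added example: minimal DER walker that flags an X.509 certificate whose
# tbsCertificate.signature hash is MD5/SHA-1 or whose serial number is too
# short to carry the randomness that blocks a chosen-prefix collision.

WEAK_SIG_OIDS = {   # DER-encoded PKCS#1 signature OIDs (RFC 3279)
    bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
}
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")   # sha256WithRSAEncryption

def der(tag, body):                     # DER TLV; short-form length suffices here
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def der_int(value):                     # positive INTEGER, padded so the MSB is 0
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def der_read(buf, pos=0):               # -> (tag, contents, position after the TLV)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                        # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def sample_cert(serial, sig_oid):
    """Constructed, truncated Certificate: version, serialNumber and the
    signature AlgorithmIdentifier only; the signature value is a placeholder."""
    alg = der(0x30, der(0x06, sig_oid) + b"\x05\x00")        # params = NULL
    tbs = der(0x30, der(0xA0, der_int(2)) + der_int(serial) + alg)
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 9))

def audit_cert(cert_der, min_serial_bits=64):
    """Return a list of findings; an empty list means neither check fired."""
    _, cert, _ = der_read(cert_der)
    _, tbs, _ = der_read(cert)
    tag, body, pos = der_read(tbs)
    if tag == 0xA0:                                         # explicit [0] version
        tag, body, pos = der_read(tbs, pos)
    serial = int.from_bytes(body, "big")                    # serialNumber INTEGER
    _, alg, _ = der_read(tbs, pos)                          # signature AlgorithmIdentifier
    oid = der_read(alg)[1]
    findings = []
    if oid in WEAK_SIG_OIDS:
        findings.append("weak signature hash: " + WEAK_SIG_OIDS[oid])
    if serial.bit_length() < min_serial_bits:
        findings.append(f"serial bit length {serial.bit_length()} < {min_serial_bits}; looks sequential")
    return findings
```

Real certificates carry more tbsCertificate fields after the algorithm identifier; the walker stops before them, so it works on full DER input as well as on the truncated samples.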
---------------------------------------------------------------------
The Cryptography Mailing List