[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NIST publishes new DSA draft

To: james.couzens@xxxxxxxxxxxxxxxx
Subject: Re: NIST publishes new DSA draft
From: hal@xxxxxxxxxx ("Hal Finney")
Date: Tue, 14 Mar 2006 15:31:08 -0800 (PST)
Cc: ietf-openpgp@xxxxxxx
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

James Couzens writes:
> I had thought it a bit strange that someone writing so comprehensively
> about something related to digital signatures and to then make the
> statement as you did at the end of the paragraph I quoted.  Did you have
> some other intended meaning, such as broken by draft explicit
> prohibition or otherwise declared deprecated in a future draft?

Yes, sorry, my language was not as precise as it might have been.
I said we should be ready in case SHA-1 were broken, but as you note
it has been officially "broken" for over a year.  However that is just
a theoretical break and no actual examples of SHA-1 message collisions
have yet been published.  So at this point SHA-1 is in a bit of a limbo
state, theoretically broken but still in widespread use.

If the attack should get worse so that SHA-1 collisions could be found
in a practical amount of time, then we would have a much more urgent
need to switch to another hash.  That is what I really meant when I
said we should be ready if SHA-1 should be broken.

Hal Finney

Follow-Ups:
- Re: NIST publishes new DSA draft
  - From: Ben Laurie
- Re: NIST publishes new DSA draft
  - From: Ian Grigg

Prev by Date: Re: NIST publishes new DSA draft
Next by Date: Re: NIST publishes new DSA draft
Previous by thread: Re: NIST publishes new DSA draft
Next by thread: Re: NIST publishes new DSA draft
Index(es):
- Date
- Thread