Re: NIST publishes new DSA draft

[Ben Laurie <ben@xxxxxxxxxxxxx>]

Hal Finney wrote:
> James Couzens writes:
>> I had thought it a bit strange that someone writing so comprehensively
>> about something related to digital signatures and to then make the
>> statement as you did at the end of the paragraph I quoted.  Did you have
>> some other intended meaning, such as broken by draft explicit
>> prohibition or otherwise declared deprecated in a future draft?
> 
> Yes, sorry, my language was not as precise as it might have been.
> I said we should be ready in case SHA-1 were broken, but as you note
> it has been officially "broken" for over a year.  However that is just
> a theoretical break and no actual examples of SHA-1 message collisions
> have yet been published.  So at this point SHA-1 is in a bit of a limbo
> state, theoretically broken but still in widespread use.

Its also worth noting that reducing the collision resistance to 2^69
still leaves it stronger than unbroken MD5 and is still well within the
realms of hardness we require.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff