[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHA 1 vs. SHA 256 for Root CA

To: "ROGER YOUNGLOVE" <ryounglove1@xxxxxxx>, ietf-pkix@xxxxxxx
Subject: Re: SHA 1 vs. SHA 256 for Root CA
From: Paul Hoffman <paul.hoffman@xxxxxxxx>
Date: Mon, 29 Jan 2007 09:22:38 -0800
In-reply-to: <BAY106-F33A6ECAF0FBDCF9F789787FCA70@xxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <BAY106-F33A6ECAF0FBDCF9F789787FCA70@xxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


At 9:38 AM -0500 1/29/07, ROGER YOUNGLOVE wrote:

i believe that SHA1 is not sufficent for a 20 year root CA lifespan.

It would be useful to know where that belief comes from. To date,there have been no suggestions of any weakness for SHA-1 againstpreimage attacks. Also to date, no one has suggested that it ispossible for anyone to brute-force a cryptographic primitive thatwould require 2^160 iterations.


--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:
- Re: SHA 1 vs. SHA 256 for Root CA
  - From: Russ Housley
- RE: SHA 1 vs. SHA 256 for Root CA
  - From: Santosh Chokhani

References:
- SHA 1 vs. SHA 256 for Root CA
  - From: ROGER YOUNGLOVE

Prev by Date: Re: asn.1 modules in 3280bis
Next by Date: RE: SHA 1 vs. SHA 256 for Root CA
Previous by thread: Re: SHA 1 vs. SHA 256 for Root CA
Next by thread: RE: SHA 1 vs. SHA 256 for Root CA
Index(es):
- Date
- Thread