Re: NIST publishes new DSA draft

James Couzens <james.couzens@electricmail.com> Tue, 14 March 2006 22:00 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FJHZP-0002zj-K5 for openpgp-archive@lists.ietf.org; Tue, 14 Mar 2006 17:00:47 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FJHZN-0007DU-Ss for openpgp-archive@lists.ietf.org; Tue, 14 Mar 2006 17:00:47 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2ELVNUg013856; Tue, 14 Mar 2006 14:31:23 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k2ELVNNs013855; Tue, 14 Mar 2006 14:31:23 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from sarge.electric.net (sarge.electric.net [216.129.90.31]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2ELVN4w013849 for <ietf-openpgp@imc.org>; Tue, 14 Mar 2006 14:31:23 -0700 (MST) (envelope-from james.couzens@electricmail.com)
Received: from root by sarge.electric.net with emc1-ok (Exim 4.60) (envelope-from <james.couzens@electricmail.com>) id 1FJH6t-000443-Vw; Tue, 14 Mar 2006 13:31:20 -0800
Received: by emcmailer; Tue, 14 Mar 2006 13:31:19 -0800
Received: from [199.175.137.27] (helo=antitrust.electric.net) by sarge.electric.net with esmtpsa (SSL 3.0:RSA_ARCFOUR_MD5:16) (Exim 4.60) (envelope-from <james.couzens@electricmail.com>) id 1FJH6s-00042x-Vc; Tue, 14 Mar 2006 13:31:19 -0800
Subject: Re: NIST publishes new DSA draft
From: James Couzens <james.couzens@electricmail.com>
Reply-To: james.couzens@electricmail.com
To: ietf-openpgp@imc.org
Cc: hal@finney.org
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-2oR8HVwpzkCvBwce15wZ"
Organization: Electric Mail Inc.
Date: Tue, 14 Mar 2006 13:31:57 -0800
Message-Id: <1142371918.23097.19.camel@antitrust.electric.net>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.1.1
X-Origin-IP: 199.175.137.27
X-Env-From: james.couzens@electricmail.com
X-Virus-Status: Scanned by VirusSMART (s)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b4a0a5f5992e2a4954405484e7717d8c

> We might want to think about making SHA-256 be another MUST algorithm.
> The only MUST hash now is SHA-1.  Making SHA-256 be a MUST would make
> these new key sizes be more useful, and also give us an easier fallback
> if SHA-1 should be broken.

SHA-1 was broken, last month by three Chinese cryptographers as reported 
by Bruce Schneier through is website.  On February 15, 2006 he wrote of 
a new cryptographic result, an attack faster than brute-force against 
SHA-1.  Two days later he wrote an update to his original post and a 
quote from within it:

> Earlier this week, three Chinese cryptographers showed that SHA-1 is not 
> collision-free. That is, they developed an algorithm for finding collisions
> faster than brute force.
> 
> ...
> 
> They can find collisions in SHA-1 in 2^69 calculations, about 2,000 times
> faster than brute force. Right now, that is just on the far edge of 
> feasibility with current technology. Two comparable massive computations 
> illustrate that point.

Reference URL (02/18/2006): http://tinyurl.com/4rl78
Original post (02/15/2006): http://tinyurl.com/4bmcc

With respect to your suggestion about thinking about making SHA-256 a MUST 
algorithm I couldn't agree more.

Cheers,

James

-- 
James Couzens,
Programmer
 ___ __  __  ___ 
| __|  \/  |/ __| The Electric Mail Company
| _|| |\/| | (__  Managed, Secure Email Services
|___|_|  |_|\___| http://www.electricmail.com
                  Direct Line: 604.482.1111 x152
--------------------------------------------------
PGP Key Fingerprint:
B2EF B741 1807 2F24 8B70  F89B 03D2 6CFF C52F 0052