IETF Logo Mail Archive

Re: NIST publishes new DSA draft

Ben Laurie <ben@algroup.co.uk> Wed, 15 March 2006 12:22 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FJV1B-0002Pp-I1 for openpgp-archive@lists.ietf.org; Wed, 15 Mar 2006 07:22:21 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FJV1A-0007KX-6A for openpgp-archive@lists.ietf.org; Wed, 15 Mar 2006 07:22:21 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2FBv7pV045266; Wed, 15 Mar 2006 04:57:07 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k2FBv7cg045265; Wed, 15 Mar 2006 04:57:07 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2FBv6TD045259 for <ietf-openpgp@imc.org>; Wed, 15 Mar 2006 04:57:07 -0700 (MST) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 2BD7C33C1C; Wed, 15 Mar 2006 11:57:06 +0000 (GMT)
Message-ID: <4418011B.2020708@algroup.co.uk>
Date: Wed, 15 Mar 2006 11:57:15 +0000
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
CC: james.couzens@electricmail.com, ietf-openpgp@imc.org
Subject: Re: NIST publishes new DSA draft
References: <20060314233108.1B3AF57FB0@finney.org>
In-Reply-To: <20060314233108.1B3AF57FB0@finney.org>
X-Enigmail-Version: 0.93.0.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a

Hal Finney wrote:
> James Couzens writes:
>> I had thought it a bit strange that someone writing so comprehensively
>> about something related to digital signatures and to then make the
>> statement as you did at the end of the paragraph I quoted.  Did you have
>> some other intended meaning, such as broken by draft explicit
>> prohibition or otherwise declared deprecated in a future draft?
> 
> Yes, sorry, my language was not as precise as it might have been.
> I said we should be ready in case SHA-1 were broken, but as you note
> it has been officially "broken" for over a year.  However that is just
> a theoretical break and no actual examples of SHA-1 message collisions
> have yet been published.  So at this point SHA-1 is in a bit of a limbo
> state, theoretically broken but still in widespread use.

Its also worth noting that reducing the collision resistance to 2^69
still leaves it stronger than unbroken MD5 and is still well within the
realms of hardness we require.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

v2.23.0 | Report a Bug | By Email