Re: NIST publishes new DSA draft
"Ian Grigg" <iang@systemics.com> Wed, 15 March 2006 09:53 UTC
Message-ID: <61223.84.131.251.69.1142414950.squirrel@webmail2.pair.com>
In-Reply-To: <20060314233108.1B3AF57FB0@finney.org>
References: <20060314233108.1B3AF57FB0@finney.org>
Date: Wed, 15 Mar 2006 04:29:10 -0500
Subject: Re: NIST publishes new DSA draft
From: Ian Grigg <iang@systemics.com>
To: ietf-openpgp@imc.org
Reply-To: iang@systemics.com
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
> James Couzens writes:
> > I had thought it a bit strange that someone writing so comprehensively
> > about something related to digital signatures and to then make the
> > statement as you did at the end of the paragraph I quoted. Did you have
> > some other intended meaning, such as broken by draft explicit
> > prohibition or otherwise declared deprecated in a future draft?
>
> Yes, sorry, my language was not as precise as it might have been.
> I said we should be ready in case SHA-1 were broken, but as you note
> it has been officially "broken" for over a year. However that is just
> a theoretical break and no actual examples of SHA-1 message collisions
> have yet been published. So at this point SHA-1 is in a bit of a limbo
> state, theoretically broken but still in widespread use.

The problem lies in the use of the term "broken" which sounds great in
the popular press, but is insufficiently precise for serious forums and
serious protocol work.

A more appropriate term is that SHA1 is weakened - from 80 bits to 69
bits - for some uses. Analysis in this forum in the past has indicated
that - approximately - SHA1 is still good, but we should move over as and
when we can select good alternatives.

NIST's new DSA announcement I think makes the case that SHA256 is going
to be around a lot longer than some of us earlier speculated, so that
looks like the target for now.

> If the attack should get worse so that SHA-1 collisions could be found
> in a practical amount of time, then we would have a much more urgent
> need to switch to another hash. That is what I really meant when I
> said we should be ready if SHA-1 should be broken.

Yes, it's a concern.

FTR, I agree with Hal that we should seriously consider taking the draft
out of last call (dammit!) ... hopefully it won't take too long to get
enough consensus and some rough working code?

iang
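The "80 bits to 69 bits" figure above is shorthand for collision work: a generic birthday search against an n-bit digest costs about 2^(n/2) hash evaluations, so SHA-1 (160 bits) starts at 2^80 and the 2005 cryptanalysis brought that down to 2^69, while SHA-256 starts at 2^128. The following Python is an added illustration, not code from this thread or from any OpenPGP implementation. It computes those bounds and then actually runs a birthday search on a truncation of SHA-256 (the truncation width and the message prefix are constructed for the demo) so the square-root scaling can be observed rather than taken on faith; on a 32-bit truncation the first collision appears after roughly 2^16 trials.

```python
"""Birthday-bound arithmetic behind "SHA-1 weakened from 80 to 69 bits",
plus an empirical birthday search on a truncated digest.

Added example; the prefix and truncation widths are constructed for the
demonstration and are not values from the mailing-list thread.
"""
import hashlib
import math


def generic_collision_bits(digest_bits: int) -> float:
    """log2 of the work for a generic (birthday) collision: n/2 for an n-bit hash."""
    return digest_bits / 2


def expected_birthday_trials(digest_bits: int) -> float:
    """Expected number of random digests drawn before the first collision,
    sqrt(pi/2 * 2^n) for an n-bit digest."""
    return math.sqrt(math.pi / 2 * 2 ** digest_bits)


def margin_lost(digest_bits: int, best_attack_log2: float) -> float:
    """Bits of collision security lost to cryptanalysis relative to the generic bound.
    For SHA-1 with the 2^69 attack this is 80 - 69 = 11."""
    return generic_collision_bits(digest_bits) - best_attack_log2


def truncated_tag(msg: bytes, bits: int) -> int:
    """First `bits` bits (bits <= 64) of SHA-256(msg), as an integer.
    Truncating a strong hash gives a toy hash whose collisions we can afford to find."""
    head = int.from_bytes(hashlib.sha256(msg).digest()[:8], "big")
    return head >> (64 - bits)


def find_truncated_collision(bits: int, prefix: bytes = b"constructed-msg-") -> tuple[int, bytes, bytes]:
    """Generic birthday search on the `bits`-bit truncation of SHA-256.

    Hashes prefix||counter for counter = 0, 1, 2, ... and stops at the first
    repeated tag. Returns (trials, m1, m2) with m1 != m2 and equal tags.
    Deterministic for a given prefix, so the trial count is reproducible.
    """
    seen: dict[int, bytes] = {}
    counter = 0
    while True:
        msg = prefix + counter.to_bytes(8, "big")
        tag = truncated_tag(msg, bits)
        if tag in seen:
            return counter + 1, seen[tag], msg
        seen[tag] = msg
        counter += 1


if __name__ == "__main__":
    for name, n in (("SHA-1", 160), ("SHA-256", 256)):
        print(f"{name}: {n}-bit digest, generic collision work 2^{generic_collision_bits(n):.0f}")
    print(f"SHA-1 with a 2^69 attack loses {margin_lost(160, 69):.0f} bits of the generic margin")
    for bits in (16, 24, 32):
        trials, m1, m2 = find_truncated_collision(bits)
        print(f"{bits}-bit truncation: collision after {trials} trials "
              f"(expected ~{expected_birthday_trials(bits):.0f}, i.e. ~2^{bits / 2:.0f})")
```

Each halving of the truncation width roughly halves the trial count's exponent, which is exactly why a 160-bit digest is described as giving 80 bits of collision resistance, and why a dedicated attack at 2^69 is a real but not yet practical loss.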
- NIST publishes new DSA draft David Shaw
- Re: NIST publishes new DSA draft "Hal Finney"
- Re: NIST publishes new DSA draft James Couzens
- Re: NIST publishes new DSA draft "Hal Finney"
- Re: NIST publishes new DSA draft James Couzens
- Re: NIST publishes new DSA draft "Hal Finney"
- Re: NIST publishes new DSA draft Ian Grigg
- Re: NIST publishes new DSA draft Werner Koch
- Re: NIST publishes new DSA draft Ben Laurie
- Re: NIST publishes new DSA draft Ben Laurie
- Re: NIST publishes new DSA draft vedaal
- RE: NIST publishes new DSA draft Anton Stiglic
- Re: NIST publishes new DSA draft David Shaw
- Re: NIST publishes new DSA draft "Hal Finney"
- Re: NIST publishes new DSA draft David Shaw
- Re: NIST publishes new DSA draft Ian G
- Re: NIST publishes new DSA draft Werner Koch
- Re: NIST publishes new DSA draft David Shaw
- Re: NIST publishes new DSA draft Jon Callas
- Re: NIST publishes new DSA draft Jon Callas
- Re: NIST publishes new DSA draft Ian G
- Re: NIST publishes new DSA draft David Shaw
- Re: NIST publishes new DSA draft Tony Hansen
- Re: NIST publishes new DSA draft David Shaw
- Re: NIST publishes new DSA draft Ben Laurie
- Re: NIST publishes new DSA draft Jon Callas
- Re: NIST publishes new DSA draft Jon Callas
- Re: NIST publishes new DSA draft Ben Laurie
- Re: NIST publishes new DSA draft Jon Callas