Re: [saag] Revision of "Attacks on Cryptographic Hashes in Internet Protocols"

Joe Touch <> Tue, 13 November 2012 22:16 UTC

Date: Tue, 13 Nov 2012 14:16:03 -0800
From: Joe Touch <>
To: Paul Hoffman <>
Cc: IETF Security Area Advisory Group <>

Hi, Paul (et al.),

This doc refers to IETF protocols that use hashes, but doesn't discuss 
any specifically. It also doesn't address how hashes are used, e.g., solo 
(as a fingerprint), keyed (for authentication and source confirmation), 
as part of an HMAC, or as part of key derivation.

That sort of information might be additionally useful, IMO.


On 11/8/2012 4:29 AM, Paul Hoffman wrote:
> Greetings again. Bruce Schneier and I have started an update to RFC 4270, "Attacks on Cryptographic Hashes in Internet Protocols". This revision is meant to deal with new and more devastating attacks on MD5, the fact that SHA-1 collisions will be financially feasible in the foreseeable future, and NIST's upcoming SHA-3 announcements. We expect to keep this revision process open for at least five months because NIST probably won't finalize the parameters and naming and so on for KECCAK until then; that is, we won't send this to RFC Editor until SHA-3 is finalized. Please take a look at
> Sean and Stephen have agreed that we should use the SAAG mailing list for discussing this draft.
> --Paul Hoffman
> _______________________________________________
> saag mailing list
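The four usage modes named in the message above (solo fingerprint, naive keyed hash, HMAC, key derivation), shown side by side as an added example. This code is not part of the thread or of the draft under discussion; it uses only Python's standard-library hashlib and hmac modules, and implements HKDF from RFC 5869 directly because the standard library has no HKDF. The sample message and key are constructed for the demonstration, and the docstrings state which hash property each mode leans on.

```python
"""Added example: the four hash usages named in the message above,
side by side using only hashlib and hmac from the Python standard library.
The sample message and key below are constructed for this example; they
are not taken from any protocol trace or from the draft under discussion.
"""
import hashlib
import hmac

# Constructed inputs for the demonstration (not real traffic).
SAMPLE_MSG = b"GET /index.html HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
SAMPLE_KEY = bytes.fromhex("0b" * 20)


def fingerprint(data: bytes, alg: str = "sha256") -> str:
    """Solo use: an unkeyed digest that stands in for the data itself
    (certificate fingerprints, content identifiers, download checksums).

    With no key, the attacker can evaluate the hash freely, so this is the
    usage a collision attack hits first when the attacker may choose both
    inputs, and a second-preimage attack when one input is already fixed.
    """
    return hashlib.new(alg, data).hexdigest()


def prefix_keyed_hash(key: bytes, msg: bytes, alg: str = "sha256") -> str:
    """Naive keyed use, H(key || msg), kept here only for contrast with HMAC.

    For Merkle-Damgard hashes (MD5, SHA-1, SHA-2) the digest is the chaining
    state after absorbing key||msg||padding, so anyone holding one valid tag
    can extend the message and compute a valid tag for the extension without
    knowing the key (length extension). Do not use this form in a protocol.
    """
    return hashlib.new(alg, key + msg).hexdigest()


def hmac_tag(key: bytes, msg: bytes, alg: str = "sha256") -> str:
    """HMAC (RFC 2104): H((K ^ opad) || H((K ^ ipad) || msg)).

    The nested keying closes the length-extension hole above, and HMAC's
    security rests on PRF properties of the compression function rather than
    on collision resistance, so a collision attack on the underlying hash
    does not directly give an HMAC forgery.
    """
    return hmac.new(key, msg, alg).hexdigest()


def hmac_verify(key: bytes, msg: bytes, tag_hex: str, alg: str = "sha256") -> bool:
    """Verify a received tag with a constant-time comparison, so the check
    does not leak how many leading bytes of the tag were correct."""
    expected = hmac.new(key, msg, alg).hexdigest()
    return hmac.compare_digest(expected, tag_hex)


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int, alg: str = "sha256") -> bytes:
    """Key derivation: HKDF (RFC 5869), extract-then-expand built on HMAC.

    Here the hash never touches attacker-visible data directly; it is the PRF
    inside HMAC, keyed by the salt (extract) and then by the PRK (expand).
    """
    hash_len = hashlib.new(alg).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF output length exceeds 255 * HashLen")
    if not salt:
        salt = bytes(hash_len)  # RFC 5869: default salt is HashLen zero bytes
    prk = hmac.new(salt, ikm, alg).digest()  # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # expand: T(i) = HMAC(PRK, T(i-1) || info || i)
        block = hmac.new(prk, block + info + bytes([counter]), alg).digest()
        okm += block
        counter += 1
    return okm[:length]


def demo() -> dict:
    """Run all four usages on the constructed inputs and return the results."""
    tag = hmac_tag(SAMPLE_KEY, SAMPLE_MSG)
    return {
        "fingerprint": fingerprint(SAMPLE_MSG),
        "prefix_keyed": prefix_keyed_hash(SAMPLE_KEY, SAMPLE_MSG),
        "hmac": tag,
        "hmac_ok": hmac_verify(SAMPLE_KEY, SAMPLE_MSG, tag),
        "hmac_tampered_ok": hmac_verify(SAMPLE_KEY, SAMPLE_MSG + b"x", tag),
        "derived_key": hkdf(SAMPLE_KEY, b"salt", b"example label", 32).hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value}")
```

The HMAC and HKDF functions can be checked against the published vectors in RFC 4231 (HMAC-SHA-256 test case 1) and RFC 5869 (appendix A.1); the fingerprint and naive keyed forms are there to make the contrast concrete, not as constructions to adopt.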