On hash breaks, was Re: First quantum crypto bank transfer
Joseph Ashwood
ashwood at msn.com
Sun Aug 22 16:42:03 EDT 2004
Since the rest has been covered quite well, I will instead focus on the
comparison of AES and SHA-0, RIPEM, MD5, etc.
----- Original Message -----
From: "Jerrold Leichter" <jerrold.leichter at smarts.com>
Subject: Re: First quantum crypto bank transfer
> Alternatively, how anyone can have absolute confidence in conventional crypto
> in a week when a surprise attack appears against a widely-fielded primitive
> like MD5 is beyond me. Is our certainty about AES's security really any
> better today than was our certainty about RIPEM - or even SHA-0 - three
> weeks ago?
> -- Jerry
Actually, for years the cryptography community has been saying "retire MD5";
SHA-0 has been required to be replaced by SHA-1 for some time; the RIPEM
series is functionally speaking unused and represented the only real
surprise. Except for RIPEM there were known to be reasons for this: MD5 was
known to be flawed, SHA-0 was replaced because it was flawed (although
knowledge of the nature of the flaw was hidden). Even with RIPEM (and SHA-1
for the same reason) I have plans in place (and have had for some time) to
move away from 160-bit hashes to larger ones, so the attack on RIPEM had
little effect on me and my clients; even a full attack on SHA-1 would have
little effect on the clients that actually listen (they all have backup
plans that involve the rest of the SHA series and at the very least
Whirlpool).
So basically I encourage my clients to maintain good business practices,
which means that they don't need to have belief in the long-term security of
AES, or SHA-1, or RSA, or ... This is just good business, and it is a
process that evolved to deal with similar circumstances.
Joe
Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com