SHA-1 and Git (was Re: [tahoe-dev] Tahoe-LAFS key management, part 2: Tahoe-LAFS is like encrypted git)

James A. Donald jamesd at echeque.com
Wed Aug 26 20:36:08 EDT 2009


Peter Gutmann wrote:
> Consider for example a system that uses two
> authentication algorithms in case one fails, or that
> has an algorithm-upgrade/rollover capability, perhaps
> via downloadable plugins.  At some point a device
> receives a message authenticated with algorithm A
> saying "Algorithm B has been broken, don't use it any
> more" (with an optional side-order of "install and run
> this plugin that implements a new algorithm instead").
> It also receives a message authenticated with
> algorithm B saying "Algorithm A has been broken, don't
> use it any more", with optional extras as before.

Not so hard.  True breaks occur infrequently.  Those
that download the scam version will find that they can
*only* communicate with the scammers, so will sort
things out in due course and all will be well until the
next break - which will not happen for a long time, and
may well never happen - unless of course one has the
IEEE 802.11 working group designing the standards.
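The rollover deadlock Gutmann describes above, modelled as an added example (it is not code from this thread, nor from Tahoe-LAFS or Git). Each "authentication algorithm" is stood in for by an HMAC under its own key, and the revocation payload format `REVOKE:<alg>` is an assumption made for the model. The point it makes concrete is that a verifier which trusts either algorithm and applies revocations in arrival order ends up trusting whichever algorithm's message happened to arrive first, so the outcome is decided by delivery order rather than by anything cryptographic.

```python
import hmac
import hashlib

# Constructed stand-ins: each algorithm is an HMAC-SHA256 under a distinct key.
# These keys are made up for the example.
KEYS = {"A": b"key-for-algorithm-A", "B": b"key-for-algorithm-B"}


def authenticate(alg, payload):
    """Produce a message tagged under the named algorithm."""
    tag = hmac.new(KEYS[alg], payload, hashlib.sha256).digest()
    return {"alg": alg, "payload": payload, "tag": tag}


def verify(msg, trusted):
    """Accept a message only if its algorithm is still trusted and the tag checks."""
    alg = msg["alg"]
    if alg not in trusted:
        return False
    expected = hmac.new(KEYS[alg], msg["payload"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg["tag"])


def process_revocations(messages, trusted):
    """Apply 'REVOKE:<alg>' messages in arrival order; return the surviving trust set.

    Assumed payload format: b'REVOKE:' followed by the algorithm name.
    """
    trusted = set(trusted)
    for msg in messages:
        if not verify(msg, trusted):
            continue  # unverifiable, or signed by an already-revoked algorithm
        if msg["payload"].startswith(b"REVOKE:"):
            victim = msg["payload"][len(b"REVOKE:"):].decode()
            trusted.discard(victim)
    return trusted


def rollover_scenario(order):
    """Gutmann's scenario: A says 'B is broken', B says 'A is broken'.

    `order` is the delivery order of the two messages, e.g. ["A", "B"].
    """
    msgs = {
        "A": authenticate("A", b"REVOKE:B"),
        "B": authenticate("B", b"REVOKE:A"),
    }
    return process_revocations([msgs[alg] for alg in order], {"A", "B"})


def forged_revocation_rejected():
    """A message tagged under a key the verifier does not hold never verifies."""
    forged = {
        "alg": "A",
        "payload": b"REVOKE:B",
        "tag": hmac.new(b"attacker-guess", b"REVOKE:B", hashlib.sha256).digest(),
    }
    return verify(forged, {"A", "B"})


if __name__ == "__main__":
    print("A's message first ->", rollover_scenario(["A", "B"]))
    print("B's message first ->", rollover_scenario(["B", "A"]))
```

Running it shows the surviving trust set is `{"A"}` when A's revocation lands first and `{"B"}` when B's does: the device never sees a contradiction, it simply believes whoever spoke first, which is exactly why the two-algorithm design on its own does not resolve the question of which break is real.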
