MD5 considered harmful today, SHA-1 considered harmful tomorrow
Victor Duchovni
Victor.Duchovni at morganstanley.com
Sat Jan 10 23:06:46 EST 2009
On Sat, Jan 10, 2009 at 11:32:44PM +0100, Weger, B.M.M. de wrote:
> Hi Victor,
>
> > Bottom line, anyone fielding a SHA-2 cert today is not going
> > to be happy with their costly pile of bits.
>
> Will this situation have changed by the end of 2010 (that's
> next year, by the way), when everybody who takes NIST seriously
> will have to switch to SHA-2?
Extremely unlikely in the case of SSL/TLS and X.509 certs. There is
a huge install-base of systems on which SHA-2 certs will fail SSL
handshakes. When Windows XP systems are <1% of the install-base, when
OpenSSL 0.9.8 is <1% of the install-base and 0.9.9 too (if the
support is not added before it goes official), and all the browsers,
Java libraries, ... support SHA-2, then you can deploy SHA-2 certs.
I would estimate 5-8 years, if developers of all relevant mainstream
implementations start to address the issue now. SHA-1 will be with
us well after 2010. New applications written in 2010 will ideally
support SHA-2, but SHA-1 will probably still be the default digest
in many applications through 2013 or 2015.
--
Victor Duchovni
IT Security, Morgan Stanley
ASCII ribbon campaign against HTML mail
NOTICE: If received in error, please destroy and notify sender. Sender
does not waive confidentiality or privilege, and use is prohibited.