[tahoe-dev] SHA-1 broken!

Perry E. Metzger perry at piermont.com
Tue May 5 10:44:52 EDT 2009


lance james <lancej at securescience.net> writes:
> stupid question - does this affect IPSec realistically as well?

IPSec and IPSec related protocols like IKE use SHA-1 in various
places. Whether those actually could be attacked using the known
weaknesses in SHA-1 would require detailed examination of the individual
protocols.

In general, uses that require only preimage resistance are not yet at
risk, those that require collision resistance are. However, as has been
seen in the MD5-based fake CA attack, sufficiently clever people can
sometimes come up with ways to turn something that appears to depend on
preimage resistance into something that really only depends on collision
resistance.

This is all another way of saying "no reason to panic, but moving to
things that use SHA-2 instead of SHA-1 would be a good idea".

Perry
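The preimage-versus-collision distinction above comes down to work factor: a birthday search for a collision costs roughly 2^(n/2) hash evaluations, a preimage search roughly 2^n. The following added example (mine, not part of the original thread) makes that gap measurable by truncating a real SHA-256 digest to a few bits; `trunc_digest`, `find_collision` and `find_preimage` are names chosen for this illustration.

```python
"""Birthday-bound illustration of why collision resistance is the weaker
property.  Added example, not from the original thread.  A truncated digest
of a real hash is used so both searches finish quickly; the ratio of work,
about 2^(bits/2) for a collision versus 2^bits for a preimage, is the point."""
import hashlib


def trunc_digest(msg: bytes, bits: int, alg: str = "sha256") -> int:
    """Return the first `bits` bits of alg(msg) as an integer."""
    h = hashlib.new(alg, msg).digest()
    return int.from_bytes(h, "big") >> (len(h) * 8 - bits)


def find_collision(bits: int, alg: str = "sha256"):
    """Birthday search: two distinct messages with the same truncated digest.
    Expected work is about 2^(bits/2).  Returns (msg_a, msg_b, attempts)."""
    seen = {}
    n = 0
    while True:
        m = b"collision-%d" % n  # deterministic, constructed candidate
        n += 1
        d = trunc_digest(m, bits, alg)
        if d in seen:
            return seen[d], m, n
        seen[d] = m


def find_preimage(target: int, bits: int, alg: str = "sha256"):
    """Brute-force search for a message whose truncated digest equals `target`.
    Expected work is about 2^bits.  Returns (msg, attempts)."""
    n = 0
    while True:
        m = b"preimage-%d" % n  # deterministic, constructed candidate
        n += 1
        if trunc_digest(m, bits, alg) == target:
            return m, n


if __name__ == "__main__":
    BITS = 20
    a, b, n_col = find_collision(BITS)
    print(f"{BITS}-bit collision after {n_col} hashes: {a!r} vs {b!r}")
    target = trunc_digest(b"constructed signed document", BITS)
    m, n_pre = find_preimage(target, BITS)
    print(f"{BITS}-bit preimage after {n_pre} hashes: {m!r}")
```

Run with `alg="sha1"` to see that the work ratio is a property of any hash, which is why a protocol that signs attacker-influenced data needs the stronger (collision) guarantee while HMAC-style uses need only the weaker one.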

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
