SHA-1 collisions now at 2^{52}?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed May 6 11:00:50 EDT 2009
"Perry E. Metzger" <perry at piermont.com> writes:

>Home routers and other equipment last for years. If we slowly roll out
>various protocol and system updates now, then in a number of years, when we
>find ourselves with real trouble, a lot of them will already be updated
>because new ones won't have issues.

I'm not really sure if it works that way. From my experience with SSH in
routers [0] I'd say it's more like:

Binary images in routers last years. If we deploy first-cut, buggy
implementations of new protocols now, we'll have to support the bugs in a
backwards-compatible manner for the rest of eternity.

That is, in the absence of widely-deployed, mature implementations to test
against, router vendors will (if they were to ship with this right now) deploy
pre-alpha quality code that would then be frozen for the rest of eternity. I
have to maintain support for ten-year-old SSH bugs in my code because of ports
to... well, unnamed vendors' systems done a decade or so back that never get
touched again once the initial version got to the point where it would respond
to a packet. So if vendors are going to bake things into firmware (which
includes firmware images that never get updated, more or less the same thing)
then I'd prefer they hold on a bit until it's certain they've got somewhat
more mature code.

Peter.

[0] Implementations of this are easier to date than SSL, and also a lot
buggier so there's more to watch out for.
---------------------------------------------------------------------
The Cryptography Mailing List