[Cryptography] sunsetting SHA-1 in Chrome
ianG
iang at iang.org
Mon Sep 8 08:56:35 EDT 2014
On 7/09/2014 20:22 pm, Ryan Carboni wrote:
> SHA-2 has a better security margin than SHA-1.
>
> To protect against a collision attack which allows someone to pose as an
> intermediate authority.
>
> That reminds me, I gave a public comment to NIST, telling them that
> SHA-3-224 is useless as everyone should phase away from 112-bit
> security, and that there should be a SHA-3-160, since for most uses
> 80-bit security is sufficient and is superior for terseness. They didn't
> listen, crudgy bureaucrats.
The opposite of crudge is not wisdom :) There is nothing wrong with
112-bit security as long as that's all you need. For example, in a
protocol HMAC, 112 bit security would be overkill.
The mistake you (and most others) are making here is that because there
is a known attack in one use of one single 160 bit hash (SHA0) then all
160 bit devices are damned for all purposes.
iang
More information about the cryptography
mailing list