[Cryptography] sunsetting SHA-1 in Chrome
Phillip Hallam-Baker
phill at hallambaker.com
Mon Sep 8 13:22:50 EDT 2014
I think the point here is that the birthday attack is only relevant in
certain circumstances. If you are using SHA for authentication then
what matters in most contexts is if the sender really sent what they
claim.
In PPE I am using 128 bit hashes of keys because the ability to
generate two keys that hash to the same value would only harm the
party generating them.
But then again I generate those keys using SHA-2-512 and truncate...
On Sun, Sep 7, 2014 at 3:22 PM, Ryan Carboni <ryacko at gmail.com> wrote:
> SHA-2 has a better security margin than SHA-1.
>
> To protect against a collision attack which allows someone to pose as an
> intermediate authority.
>
> That reminds me, I gave a public comment to NIST, telling them that
> SHA-3-224 is useless as everyone should phase away from 112-bit security,
> and that there should be a SHA-3-160, since for most uses 80-bit security is
> sufficient and is superior for terseness. They didn't listen, crudgy
> bureaucrats.
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
More information about the cryptography
mailing list