[Cryptography] Collisions w/SHA-1 ~$100,000 TODAY
Hubert A. Le Van Gong
hubert at levangong.org
Tue Oct 27 02:12:54 EDT 2015
On 11/10/2015 16:42, Phillip Hallam-Baker wrote:
> On Sun, Oct 11, 2015 at 10:27 AM, Dave Horsfall <dave at horsfall.org>
> wrote:
>
>> Err, when did the PHB get pointy ears?
>
> What have my ears got to do with anything?
>
> Could people please stop panicking? Even if an attacker can cause a
> total collision, it should not allow them to do anything bad in PKIX
> or TLS unless someone goofs.
>
> The WebPKI is like a car that has run flat tires. It is *designed* to
> be safe to drive with four flat tires but unless you have a really
> good reason not to, you should get the tire replaced as soon as it
> blows.
Given that SHA-1 is a pretty fundamental piece of TLSv1.1 (although for
different purposes, it's used in its PRF, but also as signature of
params in the ServerKeyExchange msg) what do people think of TLS1.1's
prospects in mid to long-term?
Thanks,
Hubert
--
email: hubert at levangong.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151026/5055b88c/attachment.html>
More information about the cryptography
mailing list