[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: re:[pki-tc] Re: Hash Research (was RE: [pki-tc] Bridge CA update?)
Furthermore, I thought that NIST's very recent report more or less said that the problem remains academic. The issue is not insignificant, to be sure, but it is not expected to have practical ramifications on implementers (i.e. most of the TC as Arshad points out) for the forseeable future. See http://csrc.nist.gov/pki/twg/y2004/Presentations/twg-04-14.pdf Cheers, Stephen (the possible optimist). Stephen Wilson Lockstep Consulting Pty Ltd ABN 59 593 754 482 11 Minnesota Ave Five Dock NSW 2046 Australia P +61 (0)414 488 851 -------------------- About Lockstep Lockstep was established in early 2004 by noted authentication expert Stephen Wilson, to provide independent advice and analysis on cyber security policy, strategy, risk management, and identity management. Lockstep is also developing unique new smartcard solutions to address privacy and identity theft. Contact swilson@lockstep.com.au. > This could be for a couple of reasons, John: > > 1) That this group is focused more on implementation and use of PKIs, whereas hashingmight be of greater interest to mathematicians and cryptographers. This is not to saythat these two groups are not interested in PKIs or that this group is not interested inthe hashing collision problem. But speaking for myself as a builder of PKIs, I'm notterribly interested in the composition of the "materials" so long as there is generalconsensus in the PKI industry about the efficacy of one "material" over another, and thatthere are other experts focused on finding the right "materials" for constructing thesethings; > > 2) That only MD5 has been shown to have collisions, while SHA-1 has not - which is whatmost PKIs tend to use nowadays. In any case, as SHA-256, SHA-384 and SHA-512 getimplemented in PKI software products and applications, they will become the implementationstandard moving further away from the MD5 collision problem. Now if the Secure HashingAlgorithm itself had problems with it, that might be another matter altogether.... > > Arshad Noor > StrongAuth, Inc. > > > ----- Original Message ----- > From: John Messing <jmessing@law-on-line.com> > Date: Tuesday, January 25, 2005 7:14 am > Subject: RE: [pki-tc] Bridge CA update? > > > It seems to me that in addition to or in lieu of Bridge analyses, this > > group should consider developments around intentional hash collisions > > and the research being done about them, and the effects upon the > > futureof digital signatures and PK. > > > > I may have missed something, but I do not recall the matter even being > > discussed by the group yet. > > > > > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), goto http://www.oasis-open.org/apps/org/workgroup/pki- tc/members/leave_workgroup.php. > -- <Put email footer here>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]