[Top] [All Lists]

Re: SHA-1 broken

2005-02-17 12:27:32

David Shaw wrote:

My main argument for a V5 key is that doing patch work on V4 has the
potential to split the installed base into "old V4" and "new V4".
Rather than end up like that, just call "new V4" "V5" instead.  It is
also an opportunity to fix the handful of little details that bug
people about V4: the default cipher can be AES instead of 3DES.  The
key expiration dates can be hard or soft (not just soft as in V4).
And so on.

OK, so you would propose an intermediate
"fixes lots of little things" V5.  I don't know
what the balance between these future
paths would be ...

I don't know that this should necessarily be in 2440bis, though, or
2440bis may never be released.

I think if we can make an assessment that
SHA-1 is still good for another couple of
years, then we should go for it.  Sure, shove
a note in there that it's a worry, but life is
full of worries...

(Which is to say that seeing as there are
some major difficulties in replacing SHA-1
in the current structures, then we should
just shrug and move on.  No removal unless
it is absolutely necessary.)


News and views on what matters in finance+crypto:

<Prev in Thread] Current Thread [Next in Thread>