What are the actual facts behind these "SHA-1 is broken" rumours?
Someone found a way to reduce the SHA-1 strength by 11 binary digits.
This has the exact same effect as if someone boosted the current
processor speeds by a factor of 2096.
Right now, that's about it. It looks like
the 'padding' issue is unimportant and
the only issue is the number of bits
of reduced strength. So I don't think
we have to change SHA-1...
The recent announcement of Jon Callas et al. was - in my eyes - not
helpful at all. It solved a non-existing problem (not one single
existing OpenPGP implementation suffered from the "oracle" effect),
and the result in the media (at least in Germany) was rather
catastrophic: Even the (normally pretty conservative) Heise Verlag
published panic articles that "all automatic encrypt/decrypt systems
based on OpenPGP are broken"!
So the actual effect of the announcement was that, while not fixing
any real security problem, it seriously caused Public Relations
damage for crypto gateways like our "KT Mail gateway"
(www.redtenbacher.de/info/gateway.htm) or "PGP Universal" (from PGP
Please, let us stop making any "change announcements" to the public if
there is not an actual security problem to be solved!
Well, I'm not sure anyone has made any
"change announcements" unless you mean
that recent minor oracle attack.
(off topic for the draft group...)
I would disagree in the question of making
announcements. Recent research and
thinking has led to the notion that we have
to be very aggressive about announcing
our weaknesses and going OTT (over the
top) in how we present these weaknesses.
It seems that we have to go through a
period of actually revealing these things
and encouraging people not to panic.
Elsewise we go back to the bad old days
where we keep all quiet.
News and views on what matters in finance+crypto: