
Re: SHA-1 broken

2005-02-17 16:39:28

Ian G <iang(_at_)systemics(_dot_)com> wrote on 17 Feb 2005:

>> Please, let us stop making any "change announcements" to the public if
>> there is not an actual security problem to be solved!

> Well, I'm not sure anyone has made any
> "change announcements" unless you mean
> that recent minor oracle attack.

That is exactly what I meant: the announcement of Jon et al.
regarding the "minor oracle attack".

> It seems that we have to go through a
> period of actually revealing these things
> and encouraging people not to panic.
>
> Elsewise we go back to the bad old days
> where we keep all quiet.

I was not suggesting that we "keep quiet" about any real weaknesses. But
the proper handling for the publication of the "oracle attack" would have
been to point out that no mail application based on OpenPGP was
susceptible to the circumstances of the attack, and that implementing
an "oracle" is considered a Really Stupid Thing (TM).

The short mention in the announcement that the OpenPGP group would be
changing the protocol due to the "oracle attack publication" was
interpreted by the media as "proof" of the fact that a serious
problem had been found - which was not the case at all. The "attack"
may have been interesting from a mathematical viewpoint, but it was
never relevant to the reality of e-mail applications. If a recipient
is so stupid as to send me back thousands of "I can't read your mail"
answers, this same user will surely be stupid enough to send me his
private PGP key + passphrase if I devise a proper social engineering
or phishing attack. So the problem here is the fact of having an
"oracle" (implemented as a stupid user or a stupid programmer) in the
first place, and lies _not_ with the protocol.

Therefore, let us solve the problem where it is, and not at some other

- Wolfgang Redtenbacher

Redtenbacher Software                Tel.:   +49 7159 17046
Roemerstr. 11/1                      Fax:    +49 7159 17047
D-71272 Renningen                    e-mail: wolfgang(_at_)redtenbacher(_dot_)de
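The "oracle" the message above argues about, as an added example that is not part of the thread and not code from any OpenPGP implementation. It models what I take the thread's "oracle attack" to be, the 2005 chosen-ciphertext attack by Mister and Zuccherato on the OpenPGP CFB quick check: the first cipher block carries random prefix bytes, the next two ciphertext bytes repeat the last two prefix bytes, and a recipient who reports whether those two bytes matched ("I can't read your mail") leaks two bytes of every plaintext block per roughly 2^15 such reports. Assumptions: a toy Feistel cipher stands in for AES so the example runs on the standard library alone; everything in the message format other than the prefix, check bytes and resync is left out; the attacker knows the first two plaintext bytes (in OpenPGP the data starts with a predictable packet header); the key, prefix, sample plaintext and the names `talkative_client` / `quiet_client` are constructed for the example.

```python
"""Added example: why a "can't read your mail" auto-reply is an oracle.

Toy model of the OpenPGP CFB quick check (RFC 4880 section 13.9) and of the
chosen-ciphertext attack against it.  Not from the thread and not any
implementation's code; the block cipher is a stand-in, not AES.
"""
import hashlib
import os

BS = 16  # block size in bytes, as for AES


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the toy cipher: SHA-256 keyed by (key, round number).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[: BS // 2]


def toy_encrypt(key, block):
    """4-round Feistel permutation of one 16-byte block.  NOT a real cipher;
    CFB only ever needs the forward direction, so no decrypt is defined."""
    assert len(block) == BS
    l, r = block[: BS // 2], block[BS // 2:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r


def openpgp_cfb_encrypt(key, plaintext, prefix=None):
    """OpenPGP CFB with the quick-check bytes and resync (RFC 4880 13.9)."""
    E = lambda b: toy_encrypt(key, b)
    prefix = os.urandom(BS) if prefix is None else prefix
    c = xor(E(bytes(BS)), prefix)        # C[1..BS]: prefix under an all-zero IV
    c += xor(E(c)[:2], prefix[-2:])      # C[BS+1..BS+2]: last two prefix bytes again
    fr = c[2:BS + 2]                     # resync: feedback register slides by two
    for i in range(0, len(plaintext), BS):
        cb = xor(E(fr), plaintext[i:i + BS])
        c += cb
        fr = cb
    return c


def openpgp_cfb_decrypt(key, c):
    E = lambda b: toy_encrypt(key, b)
    prefix = xor(E(bytes(BS)), c[:BS])
    if xor(E(c[:BS])[:2], c[BS:BS + 2]) != prefix[-2:]:
        raise ValueError("quick check failed")  # this is what the oracle leaks
    fr, p = c[2:BS + 2], b""
    for i in range(BS + 2, len(c), BS):
        cb = c[i:i + BS]
        p += xor(E(fr), cb)
        fr = cb
    return p


def find_passing_check(oracle, first_block):
    """Search the 2-byte check value the oracle accepts after `first_block`.
    Returns (check, queries); about 2^15 queries on average."""
    for t in range(1 << 16):
        check = t.to_bytes(2, "big")
        if oracle(first_block + check):
            return check, t + 1
    raise RuntimeError("oracle never accepted: no information leaked")


def attack(oracle, c, known_first_two):
    """Recover the first two plaintext bytes of every data block of `c`.

    With first block X and check T the decryptor accepts iff
        T == E(X)[0:2] XOR K XOR X[-2:],   K = E(0)[-2:] fixed per key,
    so each search yields E(X)[0:2] up to the unknown constant K.  Phase 1
    pins K from the known first plaintext bytes; phase 2 reuses each
    ciphertext block as X to obtain the next block's leading two bytes.
    """
    resync = c[2:BS + 2]
    blocks = [c[i:i + BS] for i in range(BS + 2, len(c), BS)]
    e_first = xor(blocks[0][:2], known_first_two)     # = E(resync)[0:2]
    t, queries = find_passing_check(oracle, resync)
    k = xor(xor(t, e_first), resync[-2:])
    recovered = [known_first_two]
    for j in range(1, len(blocks)):
        x = blocks[j - 1]
        t, n = find_passing_check(oracle, x)
        queries += n
        e_x = xor(xor(t, k), x[-2:])                   # = E(x)[0:2]
        recovered.append(xor(blocks[j][:2], e_x))
    return recovered, queries


def demo(key=b"constructed demo key", prefix=None):
    # Constructed sample message: three 16-byte blocks; the first two bytes
    # play the role of a predictable packet header the attacker knows.
    plaintext = b"\xcb\x12 known header!" + b"secret block two" + b"and block three."
    c = openpgp_cfb_encrypt(key, plaintext, prefix)

    def talkative_client(msg):  # auto-replies "I can't read your mail"
        try:
            openpgp_cfb_decrypt(key, msg)
            return True
        except ValueError:
            return False

    def quiet_client(msg):      # never reports the check outcome
        return False

    recovered, queries = attack(talkative_client, c, plaintext[:2])
    expected = [plaintext[i:i + 2] for i in range(0, len(plaintext), BS)]
    try:
        attack(quiet_client, c, plaintext[:2])
        quiet_attack_failed = False
    except RuntimeError:
        quiet_attack_failed = True
    return recovered, expected, queries, quiet_attack_failed


if __name__ == "__main__":
    rec, exp, q, failed = demo()
    print("recovered:", rec, "expected:", exp)
    print("oracle queries:", q, "| quiet client defeats attack:", failed)
```

Each recovered two-byte pair costs a few tens of thousands of "can't read your mail" replies, which is the "thousands of answers" the message above describes; against a client that never reports the outcome of the check, the same search runs through all 2^16 values and learns nothing, which is the point that the weakness lives in the oracle rather than in the wire format.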
