Re: SHA-1 broken


On 17 Feb 2005, at 12:18 PM, aboietf(_at_)redtenbacher(_dot_)de wrote:

The recent announcement of Jon Callas et al. was - in my eyes - not
helpful at all. It solved a non-existing problem (not one single
existing OpenPGP implementation suffered from the "oracle" effect),
and the result in the media (at least in Germany) was rather
catastrophic: Even the (normally pretty conservative) Heise Verlag
published panic articles that "all automatic encrypt/decrypt systems
based on OpenPGP are broken"!

I'm sorry that the German press was so twitchy about it. I sentreleases to both Reuters and UPI here, and got a polite response backfrom Reuters thanking me for being so humble about it. There's not beena further peep on it, and I've been waiting for it. Should this everhappen again, I'll try to make sure that the German press isn't silly.I know people who can do German translations -- not that I'm expectingto ever have to do that again, mind you.

I think it would have been less helpful, however, to do as a differentorganization did the previous week over a botched IV. They said that itwasn't worth fixing and no one needs that anyway and there was a stormof press over here.

Jon

<Prev in Thread]	Current Thread	[Next in Thread>
Re: SHA-1 broken, (continued) Re: SHA-1 broken, Werner Koch Re: SHA-1 broken, Ian G Re: SHA-1 broken, David Shaw Re: SHA-1 broken, Konrad Rosenbaum Re: SHA-1 broken, Konrad Rosenbaum Re: SHA-1 broken, Vlad \"SATtva\" Miller Re: SHA-1 broken, aboietf Re: SHA-1 broken, Ian G Re: SHA-1 broken, Jon Callas Re: SHA-1 broken, Lutz Donnerhacke Re: SHA-1 broken, Jon Callas <= Re: SHA-1 broken, Werner Koch The oracle weakness and the art of disclosure, Ian G Re: SHA-1 broken, Konrad Rosenbaum Re: SHA-1 broken, aboietf Re: SHA-1 broken, Werner Koch Re: SHA-1 broken, "Hal Finney" Re: SHA-1 broken, Werner Koch Re: SHA-1 broken, Ingo Luetkebohle Re: SHA-1 broken, Ian G Re: SHA-1 broken, aboietf