[Top] [All Lists]

Re: SHA-1 broken

2005-02-17 18:46:29

On 17 Feb 2005, at 12:18 PM, aboietf(_at_)redtenbacher(_dot_)de wrote:

The recent announcement of Jon Callas et al. was - in my eyes - not
helpful at all. It solved a non-existing problem (not one single
existing OpenPGP implementation suffered from the "oracle" effect),
and the result in the media (at least in Germany) was rather
catastrophic: Even the (normally pretty conservative) Heise Verlag
published panic articles that "all automatic encrypt/decrypt systems
based on OpenPGP are broken"!

I'm sorry that the German press was so twitchy about it. I sent releases to both Reuters and UPI here, and got a polite response back from Reuters thanking me for being so humble about it. There's not been a further peep on it, and I've been waiting for it. Should this ever happen again, I'll try to make sure that the German press isn't silly. I know people who can do German translations -- not that I'm expecting to ever have to do that again, mind you.

I think it would have been less helpful, however, to do as a different organization did the previous week over a botched IV. They said that it wasn't worth fixing and no one needs that anyway and there was a storm of press over here.


<Prev in Thread] Current Thread [Next in Thread>