Is draft 12 the current working text? I noticed it
expires in another month.

Did we resolve the question of whether to make changes
to the MUST / SHOULD algorithms?

I'm all in favour of saying AES-128 is now the MUST and
triple DES becomes the SHOULD. In practice, most
implementations would be there already as they will have
done both (Cryptix Java is, and so is Perl's Crypt::OpenPGP).

SHA is harder, as we've discussed. If we agree to let
matters lie, then here's one potential addition to 13
(I cribbed the wording from the other points, but any
wording could be considered...):

13. Security Considerations - suggested addition

* In October 2004, the Shandong University team of Wang, Yin, Yu
  announced attacks on reduced rounds of SHA1. Collisions are
  predicted in 2^69 steps rather than the full 2^80 steps. For this
  reason SHA1 is widely expected to be deprecated in coming years.
  Implementors may prefer to move to wider length SHA algorithms

News and views on what matters in finance+crypto: