> Hi, James - I'm afraid you are off by a year on that. Those reports
> were from 2005, not 2006. They have been intensively discussed here and
> elsewhere in the cryptographic community. Indeed, those findings are a
> good part of why I was proposing making SHA-256 a MUST, along with the
> fact that this hash will now be able to be used with DSS signatures.

My apologies, you are quite correct. I recently joined the list a few
months ago, and haven't reviewed it historically, and as such I wasn't
present for the referenced discussion(s), intense or otherwise :-)

I had thought it a bit strange that someone writing so comprehensively
about something related to digital signatures would then make the
statement you did at the end of the paragraph I quoted. Did you have
some other intended meaning, such as broken by draft explicit
prohibition or otherwise declared deprecated in a future draft?
Cheers,
James
--
James Couzens,
Programmer
___ __ __ ___
| __| \/ |/ __| The Electric Mail Company
| _|| |\/| | (__ Managed, Secure Email Services
|___|_| |_|\___| http://www.electricmail.com
Direct Line: 604.482.1111 x152
--------------------------------------------------
PGP Key Fingerprint:
B2EF B741 1807 2F24 8B70 F89B 03D2 6CFF C52F 0052