[Russ Housley] MD5 and SHA-1 Status

--- Begin Message ---
Two significant announcements have been made in the past month.

First, at the RSA Conference last month, an attack against SHA-1 was announced.
See http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
for a summary of the announcement.

The attack, if it is ever written up, published, and verified, is a 2^69
work factor.
SHA-1 was designed to have a 2^80 work factor, so this is a significant
reduction, but we have time to figure out the best course of action.

Second, Lenstra et al. announced a method for the construction of pairs of valid
X.509 certificates in which the "to be signed" parts form a collision for the
MD5 hash function.  As a result the issuer signatures in the certificates will
be the same when the issuer uses MD5 as its hash function.  See
http://eprint.iacr.org/2005/067

This work builds on an attack on MD5 that was announced about a year ago.

Several working groups depend on one-way hash functions.  Yet, we do not think
that this topic should consume huge amounts of time in every one of these
working groups.  Therefore, we will be discussing this topic at SAAG on Thursday.

While it is clear that this topic will require some IETF action, it is not
yet a crisis.
That is, we can walk to a solution; there is no need to run.

If you are interested in this topic, please join the SAAG discussion on
Thursday.

IETF Security Area Directors,
   Russ Housley
   Sam Hartman


--- End Message ---
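
The message above notes that colliding "to be signed" parts yield the same issuer signature when the issuer hashes with MD5. As an added example (not part of the original message), the following Python reads the outer signatureAlgorithm of a DER-encoded certificate and reports MD5- or SHA-1-based RSA signatures. The function names are hypothetical, and the sample certificates are constructed skeletons with dummy contents, not valid certificates.

```python
# Added example: report certificates whose outer signatureAlgorithm hashes with MD5 or SHA-1.
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}

def tlv(tag, body):  # DER-encode one element (used only to build the constructed samples)
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf, pos, want):  # -> (value_start, value_end) of the element at pos
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag {want:#x} at offset {pos}")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: the low 7 bits give the size of the length field
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length field")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated element")
    return pos, pos + n

def decode_oid(body):  # assumes the first arc is 0 or 1, which holds for the OIDs here
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    start, _ = read_tlv(cert_der, 0, 0x30)
    _, tbs_end = read_tlv(cert_der, start, 0x30)      # skip the "to be signed" part
    alg_start, _ = read_tlv(cert_der, tbs_end, 0x30)  # AlgorithmIdentifier
    oid_start, oid_end = read_tlv(cert_der, alg_start, 0x06)
    return decode_oid(cert_der[oid_start:oid_end])

def weak_signature(cert_der):
    return WEAK_SIG_OIDS.get(signature_oid(cert_der))  # None if not in the weak table

def sample_cert(sig_oid_hex):  # constructed skeleton: dummy TBS and signature bytes
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"\x02\x01\x01" * 60) + alg + tlv(0x03, b"\x00" + b"\xaa" * 128))
```
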