Hash BOF review

| TrackBacks (7) |
From: EKR
Subject: Review of HASH BoF
Date: 20050802

Background:
In the past year, we've seen successful attacks on MD5 and SHA-1.
I won't bore you with the details, but it's made people start
to think about what we can do to deal with this. The Hash BOF
was intended to explore this space.

There are a number of potential things IETF could do:

1. Design a new hash algorithm.
2. State requirements for new hash algorithms.
3. Standardize some set of countermeasures for using existing
   hash functions more safely (randomized hashing, preprocessing,
   etc.)
4. Go through all the IETF protocols and figure out where we
   need to change hash functions. (The attacks don't destroy
   all uses of hashes)
5. Go through the major IETF protocols and figure out transition
   strategies.

There was consensus that (1) was a bad idea and some enthusiasm 
for 2,3, and 5. Not so much for 4. The BOF didn't finish with any real 
consensus on what to do.

My personal view is that we don't understand the solution space
well enough to standardize countermeasures at this point.
The IRTF is working on a draft that will probably eventually
represent the consensus of the crypto community, but we're
not there yet. Going through the protocols, where they're vulnerable,
and figuring out transition strategies seems very important, as
does requirements.

7 TrackBacks

Listed below are links to blogs that reference this entry: Hash BOF review.

TrackBack URL for this entry: http://www.educatedguesswork.org/cgi-bin/mt/mt-tb.cgi/358

world poker tour from world poker tour on December 6, 2005 4:49 AM

leavening calculation NASA blankly aristocrats crafting:settled.Epstein learn to play poker http://learn-to-play-poker.e-best-poker.com/ Read More

Sexy real girls stories of pakistan Sex images of teacher with student Rom porn sexy girls free pic Sample movie ja... Read More

piercings Read More

online poker game from online poker game on January 30, 2006 3:53 AM

poplin ad cram soothes gulps online poker http://www.poker-scan.com/ meantime Poussins onlinepoker http://onlinepoker.affordableantiques.net/ Read More