--- Begin Message ---
Two significant announcements have been made in the past month.
MIME-Version: 1.0
First, at the RSA Conference last month, an attack against SHA-1 was announced.
See http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
for a summary of the announcement.
The attack, if it is every written up, published, and verified, is a 2^69
work factor.
SHA-1 was designed to have a 2^80 work factor, so this is a significant
reduction,
but we have time to figure out the best course of action.
Second, Lenstra et al announced a method for the construction of pairs of valid
X.509 certificates in which the "to be signed" parts form a collision for
the MD5
hash function. As a result the issuer signatures in the certificates will
be the
same when the issuer uses MD5 as its hash function. See
http://eprint.iacr.org/2005/067
This work builds on an attack on MD5 that was announced about a year ago.
Several working groups depend on one-way hash functions. Yet, we do not think
that this topic should consume huge amounts of time in every one of these
working
groups. Therefore, we will be discussing this topic at SAAG on Thursday.
While it is clear that this topic will require some IETF action, it is not
yet a crisis.
That is, we can walk to a solution, there is no need to run.
If you are interested in this topic, please join the SAAG discussion on
Thursday.
IETF Security Area Directors,
Russ Housley
Sam Hartman
--- End Message ---
