IETF-SSH archive


Re: SHA1 weaknesses...



Joseph Galbraith <galb-list%vandyke.com@localhost> writes:

>In light of recent SHA1 weaknesses, which, if I understand correctly, 
>may not really affect SSH, but are still worrisome, should we be 
>looking at introducing a document for using SHA256?
>
>Or are the vulnerabilities too remote, and so much not an issue for 
>our SSH usage, that we don't need to do anything in response?

It doesn't affect its use in either PRFs or HMAC, so SSH is unaffected
(I've been working on an article for IEEE S&P for this, but it'll 
probably be a while before it appears).  There's no need to rush out and 
change anything because of this, better to wait until we know whether 
SHA-2 or Whirlpool is the way to go.

Peter.
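The two places the thread names, the key-derivation PRF and the packet HMAC, written so the hash is a parameter; this is an added illustration, not code from the archived thread or from any SSH implementation, and the SSH-style derivation shape, the sample secret, exchange hash and packet bytes are all constructed assumptions.

```python
import hashlib
import hmac
import struct

# Constructed illustration: an SSH-style key derivation and packet HMAC
# parameterised by hash name, so moving from SHA-1 to SHA-256 (the document
# Joseph asks about) is a one-argument change in the integrity layer.
# Derivation shape assumed here: K1 = HASH(K || H || X || session_id),
# K2 = HASH(K || H || K1), ... where K is the shared secret, H the exchange
# hash and X a single-letter tag.

def ssh_mpint(k: int) -> bytes:
    """Encode a positive integer as an SSH mpint (length-prefixed, two's complement)."""
    raw = k.to_bytes((k.bit_length() + 8) // 8, "big")
    return struct.pack(">I", len(raw)) + raw

def derive_key(hash_name, K, H, letter, session_id, length):
    """Expand the shared secret into `length` bytes of key material."""
    h = lambda data: hashlib.new(hash_name, data).digest()
    out = h(ssh_mpint(K) + H + letter + session_id)
    while len(out) < length:
        out += h(ssh_mpint(K) + H + out)
    return out[:length]

def mac_packet(hash_name, key, seq, packet):
    """HMAC over sequence number || packet, as an SSH transport does."""
    return hmac.new(key, struct.pack(">I", seq) + packet, hash_name).digest()

def verify_packet(hash_name, key, seq, packet, tag):
    """Constant-time comparison so verification does not leak the tag."""
    return hmac.compare_digest(mac_packet(hash_name, key, seq, packet), tag)

# Constructed sample values (not real session data).
K_SAMPLE = 0x1234567890ABCDEF
H_SAMPLE = hashlib.sha1(b"constructed exchange hash").digest()
SID_SAMPLE = H_SAMPLE
PACKET = b"\x00\x00\x00\x0c\x0bhello world"

def demo(hash_name):
    """Derive a MAC key, tag a packet, and check that a replayed sequence
    number is rejected. Returns (valid, replay_accepted, tag_length)."""
    key = derive_key(hash_name, K_SAMPLE, H_SAMPLE, b"E", SID_SAMPLE,
                     hashlib.new(hash_name).digest_size)
    tag = mac_packet(hash_name, key, 3, PACKET)
    ok = verify_packet(hash_name, key, 3, PACKET, tag)
    replayed = verify_packet(hash_name, key, 4, PACKET, tag)
    return ok, replayed, len(tag)
```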



Home | Main Index | Thread Index | Old Index