IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: SHA1 weaknesses...
Joseph Galbraith <galb-list%vandyke.com@localhost> writes:
>In light of recent SHA1 weaknesses, which, if I understand correctly,
>may not really effect SSH, but are still worrisome, should we be
>looking at introducing a document for using SHA256?
>
>Or are the vulnerabilities too remote, and so much not an issue for
>our SSH usage, that we don't need to do anything in response?
It doesn't affect its use in either PRFs or HMAC, so SSH is unaffected
(I've been working on an article for IEEE S&P for this, but it'll
probably be awhile before it appears). There's no need to rush out and
change anything because of this, better to wait until we know whether
SHA-2 or Whirlpool is the way to go.
Peter.
Home |
Main Index |
Thread Index |
Old Index