IETF-SSH archive
Re: SHA1 weaknesses...
In article <20050331061843.GA44424%morwong.ucc.gu.uwa.edu.au@localhost> you write:
>On Thu, Mar 31, 2005 at 03:09:18PM +1200, Peter Gutmann wrote:
>> Joseph Galbraith <galb-list%vandyke.com@localhost> writes:
>>
>> >In light of recent SHA1 weaknesses, which, if I understand correctly,
>> >may not really affect SSH, but are still worrisome, should we be
>> >looking at introducing a document for using SHA256?
>> >
>> It doesn't affect its use in either PRFs or HMAC, so SSH is unaffected
>> (I've been working on an article for IEEE S&P for this, but it'll
>> probably be awhile before it appears). There's no need to rush out and
>> change anything because of this, better to wait until we know whether
>> SHA-2 or Whirlpool is the way to go.
>
>Wouldn't lack of collision resistance in SHA1 leave a
>vulnerability with using fingerprints of host public keys
>for verification? (mentioned in the -architecture draft).
No. A collision attack might allow an attacker to make two different keys
that have the same fingerprint, but it wouldn't allow them to make a single
key that has the same fingerprint as some other existing key.
--
Ben Harris
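As an added example, not part of the original thread and not OpenSSH's own code: the script below computes a host-key fingerprint the way SSH implementations do, as a hash over the encoded public-key blob (shown in the MD5 hex and SHA256 base64 forms OpenSSH prints), and then models the collision-versus-second-preimage point above with a truncated hash. Finding two attacker-controlled keys with the same n-bit fingerprint is a birthday search costing about 2^(n/2) hashes; matching the fingerprint of one fixed, already-existing key costs about 2^n, so the same budget that finds a collision almost never finds a match. The key bytes, the 32-bit truncation and all function names are constructed assumptions; truncating SHA-256 models a hash with less strength and is not the 2005 SHA-1 collision technique itself.

```python
import base64
import hashlib
import struct

# Constructed demo: the "keys" are arbitrary 32-byte strings derived from a
# counter, wrapped in the ssh-ed25519 public-key wire format. They are not
# real keys, and none of these names are from OpenSSH or the IETF drafts.


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def demo_key_bytes(i: int) -> bytes:
    """Deterministic stand-in for the 32-byte Ed25519 public key number i."""
    return hashlib.sha256(b"demo-host-key-%d" % i).digest()


def build_ed25519_blob(pub32: bytes) -> bytes:
    """Public-key blob as it appears base64-encoded in a known_hosts line."""
    return ssh_string(b"ssh-ed25519") + ssh_string(pub32)


def parse_authorized_key_line(line: str):
    """Split 'type base64blob [comment]' and check the blob's own type field."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("malformed key line")
    keytype, blob = fields[0], base64.b64decode(fields[1])
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type inside blob does not match leading field")
    return keytype, blob


def fingerprint_md5(blob: bytes) -> str:
    """Legacy OpenSSH style: MD5:xx:xx:... over the whole key blob."""
    return "MD5:" + ":".join("%02x" % b for b in hashlib.md5(blob).digest())


def fingerprint_sha256(blob: bytes) -> str:
    """Current OpenSSH style: SHA256:<unpadded base64> over the whole key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# --- cost model: collision vs. second preimage on a truncated fingerprint ---

def truncated_fp(blob: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(blob): a stand-in for a weaker hash."""
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") >> (256 - bits)


def find_collision(bits: int, limit: int):
    """Birthday search over keys the attacker generates himself.
    Expected work ~ 2^(bits/2). Returns (blob_a, blob_b, tries) or None."""
    seen = {}
    for i in range(limit):
        blob = build_ed25519_blob(demo_key_bytes(i))
        fp = truncated_fp(blob, bits)
        if fp in seen:
            return seen[fp], blob, i + 1
        seen[fp] = blob
    return None


def find_second_preimage(target_blob: bytes, bits: int, budget: int):
    """Try to match the fingerprint of one fixed, existing key (the victim's
    real host key). Expected work ~ 2^bits, so a collision-sized budget
    almost never succeeds. Returns (blob, tries) or None."""
    target = truncated_fp(target_blob, bits)
    for i in range(1, budget + 1):
        blob = build_ed25519_blob(demo_key_bytes(i))
        if blob != target_blob and truncated_fp(blob, bits) == target:
            return blob, i
    return None


# Constructed victim key (key number 0) and a known_hosts-style line for it.
VICTIM_BLOB = build_ed25519_blob(demo_key_bytes(0))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(VICTIM_BLOB).decode() + " demo@example"

if __name__ == "__main__":
    keytype, blob = parse_authorized_key_line(SAMPLE_LINE)
    print(keytype, fingerprint_md5(blob), fingerprint_sha256(blob))
    bits = 32
    _, _, tries = find_collision(bits, 2 ** 20)
    print("collision on a %d-bit fingerprint after %d keys" % (bits, tries))
    print("second preimage of the victim key within 2^16 tries:",
          find_second_preimage(VICTIM_BLOB, bits, 2 ** 16))
```

With a 32-bit truncation the collision search typically finishes after a few tens of thousands of keys, while the second-preimage search with a 2^16 budget returns None: the attacker who can only produce colliding pairs still cannot impersonate a host whose key fingerprint the client already trusts.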