[cabfpub] SHA-1 identical prefix collisions

Richard Wang richard at wosign.com
Sat Oct 10 20:06:30 MST 2015


The final sentence is the important one – “Vote NO”:

The paper was written by Marc Stevens, Pierre Karpman, and Thomas Peyrin. The new calculations, should they be confirmed by the researchers' peers, are likely to provide a strong argument for voting no and instead quickly migrating to use of SHA2, which is much more resistant to collisions.

Regards,

Richard

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Phillip Hallam-Baker
Sent: Sunday, October 11, 2015 9:10 AM
To: CABFPub <public at cabforum.org>
Subject: [cabfpub] SHA-1 identical prefix collisions

Just a heads up that this is about to hit the wires and it is a public holiday on Monday in many parts of the US.

http://arstechnica.com/security/2015/10/sha1-crypto-algorithm-securing-internet-could-break-by-years-end/

It really shouldn’t be cause for anyone to be alarmed. These attacks do not allow someone to forge a certificate or break TLS. Any CA that is following the guidelines on incorporating randomness will not be vulnerable even if the more powerful collision attacks are achieved.

This was anticipated and the phase out process is already in place.
