- TalkBack 1 of 2:
- Next »
- Thread View
- Flat View
- "reasonable" perhaps but not agreed with by any security specialists
-
"pretty much puts a bullet in SHA-1" is how Bruce Schneider (Counterpane Internet Security) described it here:
http://www.computerweekly.com/Articles/2005/03/08/208736/companies-forced-to-reconsider-security-as-sha-1-code-is.htm
by comparison, George Ou:
"But to put this event in the proper perspective, the finding of a hash collision does not mean the end of the world if your current security products use the SHA-1 hashing algorithm."
So why is Bruce Schneider so worried?
As the NSA published SHA-1 (disputed by George, but check out wikipedia for full details), the weakness either means:
a) NSA crypto people are incompetent (clue = they aren't)
or b) this weakness was in there for a reason, they
just didn't expect it to be so exploited before 2010.
(when NIST intend to replace SHA-1).
Reasons NSA might want a backdoor to SHA-1:
They could modify or create information and it appear to be genuinely from another party.
eg:
Programs (could add back-doors).
Change messages. (useful covertly).
Perhaps login where they wouldn't otherwise be able to login.
(the userid authenticates!).
So, as I said, I think the news from China is "we've arrived". This will make it difficult for NSA to get away with snoop without being snooped upon which is how things have been for nearly two decades. It's the same thing with the Anti-Satellite missile they launched. "we've arrived". - Posted by: stevey_d Posted on: 01/24/07 You are currently: a Guest | Members login | Terms of Use
"reasonable" perhaps but not agreed with by any security specialists
stevey_d | 01/24/07
|
and NIST disagrees with George, it ordered gov departments to upgrade
stevey_d | 01/24/07
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
- File System Auditor Version 2.0.8 ScriptLogic File System Auditor? allows administrators to audit file access, generate ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Save time with automated shipping solutions
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Visit the UPS Business Essentials Guide
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer >>
- Business Value of Windows Server 2008 R2 Hyper-V and Live Migration.
-
Today's IT departments are under increasing pressure to manage and support expanding computer resources while reducing costs. See how Windows Server 2008 R2 is making this process seamless.
- Click to download >>
-
-
Smart Tech
Expert advice on innovations in healthcare and the green technologies that make it happen.
Find out more
-
Smart Business
Discussion and advice on management issues that revolve around making your world smarter and more useful.
More Smart Advice
-
Smart People
The best and worst moves in the management and strategy trenches.
Learn More
