[LOPSA-US-AZ] RSA conference report
Rik Farrow
rik at spirit.com
Sat Feb 25 09:19:38 PST 2006
der Hans wrote:
>Rik wrote:
> > Shamir said that the discovery of collisions in MD5 and SHA1 hashing
> > algorithms is significant, but not a current cause for concern. That it
> > is possible to compute collisions of hashes is important, but because
> > getting this to work requires a set of random data, it is not important
> > for current uses of hashes (big sigh of relief there).
>
> Not sure I undestand this. I think it's mostly saying that while there are
> collisions, they're irrelevant for day to day operations because day to
> day operations doesn't open itself up to the exploit. Is that close?
Close. Collisions in hashes can be found, but rely (so far) on choosing
data that has certain bit patterns. So you cannot just pick a signed
document, like a certificate, and create a different one with the same
hash. That means, our current uses of hashes are safe at this point.
Rik
More information about the LOPSA-US-AZ
mailing list