
June 27, 2005

SHA Cryptanalysis Paper Online

http://www.volubis.com/blog [InfoSec News Blog] Here's an update: They will present it at the Crypto conference in August. I believe they didn't post it because Crypto requires that submitted papers not be previously published, and they misunderstood that to mean that it couldn't be widely distributed in any way.

Some related posts from Technorati and Google.

[Not Your Father's America] SHA-1 Broken: "I'd like to see NIST orchestrate a worldwide competition for a new hash function, like they did for the new encryption algorithm, AES, to replace DES. NIST should issue a call for algorithms, and conduct a series of analysis rounds, where the community analyzes the various proposals with the intent of establishing a new standard.

[Schneier.com] Schneier on Security: Cryptanalysis of SHA-1: I'd like to respond to John Gregory's and Andrew Wade's message by drawing an analogy between the need for competent software engineers as mentioned by "Terry" and Bruce Schneier and the need for competent lawyers applying cryptographic procedures: Simply applying existing techniques without thinking thoroughly about the consequences can get you in deep trouble, especially if one element you were relying on appears broken, which now is the case with SHA-1. I'm convinced that the risks in using digital signatures for contracts that are based on SHA-1 now that SHA-1 has been broken can be reduced to an acceptable level (risk=0 does not exist) by applying additional measures that are thoroughly thought out.

http://en.wikipedia.org [En.wikipedia.org] SHA hash functions - Wikipedia, the free encyclopedia: Most of the applications that use cryptographic hashes, such as password storage or document signing, are only minimally affected by a collision attack. In the case of document signing, for example, an attacker could not simply fake a signature from an existing document -- the attacker would have to fool the private key holder into signing a preselected document.


Posted at June 27, 2005 04:50 PM
