W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2010

RE: Reference for SHA-1 being broken

From: Martin, Cynthia E. <cemartin@mitre.org>
Date: Wed, 13 Jan 2010 19:51:22 -0500
To: Frederick Hirsch <Frederick.Hirsch@nokia.com>, ext Peter Saint-Andre <Peter.SaintAndre@webex.com>
CC: ext Harold Lockhart <hal.lockhart@oracle.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <6A913BB6ED2E2C43AC275462A83E68490C126BF2FB@IMCMBX3.MITRE.ORG>
I agree, that is a better reference.

Regards, Cynthia

-----Original Message-----
From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org] On Behalf Of Frederick Hirsch
Sent: Wednesday, January 13, 2010 11:58 AM
To: ext Peter Saint-Andre
Cc: Frederick Hirsch; ext Harold Lockhart; public-xmlsec@w3.org
Subject: Re: Reference for SHA-1 being broken

Thanks, I agree this would be a better reference.

Hal, Cynthia, others?

regards, Frederick

Frederick Hirsch
Nokia



On Jan 13, 2010, at 11:48 AM, ext Peter Saint-Andre wrote:

> Instead of linking to for-pay content, I still think it would be  
> appropriate
> to reference RFC 4270 <http://tools.ietf.org/html/rfc4270>
>
>
> On 1/13/10 8:26 AM, "Frederick Hirsch" <Frederick.Hirsch@nokia.com>  
> wrote:
>
>> thanks, I'll add this to the reference unless anyone objects.
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>>
>> On Jan 13, 2010, at 10:19 AM, ext Harold Lockhart wrote:
>>
>>> Here is a link, but you have to pay to get more than the abstract.
>>>
>>> http://www.springerlink.com/content/26vljj3xhc28ux5m/
>>>
>>> Hal
>>>
>>>> -----Original Message-----
>>>> From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com]
>>>> Sent: Tuesday, January 12, 2010 3:58 PM
>>>> To: Harold Lockhart
>>>> Cc: Frederick Hirsch; public-xmlsec@w3.org
>>>> Subject: Re: Reference for SHA-1 being broken
>>>>
>>>>
>>>> thanks. Is there a URL?
>>>>
>>>> regards, Frederick
>>>>
>>>> Frederick Hirsch
>>>> Nokia
>>>>
>>>>
>>>>
>>>> On Jan 12, 2010, at 3:45 PM, ext Harold Lockhart wrote:
>>>>
>>>>> Well Wang's team has published a bunch of papers in 2005 and their
>>>>> initial results merely weakened SHA-1, while completely breaking
>>>>> MD-5. However this seems to be the paper which convinced everybody
>>>>> that SHA-1 had to be phased out in fairly short order:
>>>>>
>>>>>
>>>>> Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1.
>>>>> In Shoup, V., editor, Advances in Cryptology - CRYPTO 2005,
>>>>> 25th Annual International Cryptology Conference, Santa Barbara,
>>>>> California, USA,
>>>>> August 14-18, 2005, Proceedings, volume 3621 of LNCS, pages 17-36.
>>>>> Springer, 2005.
>>>>>
>>>>>
>>>>> Hal
>>>>>
>>>>
>>>>
>>>>
>>
>>
>
Received on Thursday, 14 January 2010 00:51:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 14 January 2010 00:51:58 GMT