- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 13 Jan 2010 21:09:59 +0100
- To: Frederick Hirsch <frederick.hirsch@nokia.com>
- Cc: Thomas Roessler <tlr@w3.org>, "ext Edgar, Gerald" <gerald.edgar@boeing.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
works for me.

--
Thomas Roessler, W3C <tlr@w3.org>

On 13 Jan 2010, at 21:03, Frederick Hirsch wrote:

> I suggest we provide the official URL Hal provided since it is stable and indicates how to get more information. I suggest we also include the URL Gerald mentioned, thus the reference would read:
>
> X. Wang, Y.L. Yin, H. Yu. Finding Collisions in the Full SHA-1. . In Shoup, V., editor, Advances in Cryptology - CRYPTO 2005, 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings, volume 3621 of LNCS, pages 17–36. Springer, 2005. URL: http://people.csail.mit.edu/yiqun/SHA1AttackProceedingVersion.pdf (also published in http://www.springerlink.com/content/26vljj3xhc28ux5m/ )
>
> Does this make sense? Any corrections, suggestions?
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
> On Jan 13, 2010, at 1:25 PM, ext Edgar, Gerald wrote:
>
>> There is a presentation of the Crypto 2005 "Rump session" on SHA-1 at http://www.iacr.org/conferences/crypto2005/r/2.pdf
>> There is also a copy of the original paper at http://people.csail.mit.edu/yiqun/SHA1AttackProceedingVersion.pdf
>> The formal reference to Springer is stable, but if people search, they can find a copy they do not have to pay for, if that is the objection.
>>
>> Gerald Edgar, CISSP
>> Enterprise Architecture & Information Security
>>
>> Cell: 425-503-3912
>>
>> -----Original Message-----
>> From: public-xmlsec
>> Sent: Wednesday, January 13, 2010 9:08 AM
>> To: Peter Saint-Andre; Frederick Hirsch
>> Cc: public-xmlsec@w3.org
>> Subject: RE: Reference for SHA-1 being broken
>>
>> Well as I understand it, the idea was to cite a detailed cryptographic analysis for those who wished such information. Given that it is not a normative reference, it seems reasonable to provide the reference. After all, people frequently buy books on computer subjects to increase their professional knowledge.
>>
>> There are a number of problems with citing RFC 4270. First of all, it turns around and cites the Wang papers for details, so there is no improvement there. More importantly, it is seriously out of date. At the time it was written it was thought that collisions were the only problem. It has now been demonstrated that there are forging and key recovery attacks on the order of sqr(n).
>>
>> Hal
>>
>>> -----Original Message-----
>>> From: Peter Saint-Andre [mailto:Peter.SaintAndre@webex.com]
>>> Sent: Wednesday, January 13, 2010 11:49 AM
>>> To: Frederick Hirsch; Harold Lockhart
>>> Cc: public-xmlsec@w3.org
>>> Subject: Re: Reference for SHA-1 being broken
>>>
>>> Instead of linking to for-pay content, I still think it would be
>>> appropriate to reference RFC 4270 <http://tools.ietf.org/html/rfc4270>
>>>
>>> On 1/13/10 8:26 AM, "Frederick Hirsch"
>>> <Frederick.Hirsch@nokia.com> wrote:
>>>
>>>> thanks, I'll add this to the reference unless anyone objects.
>>>>
>>>> regards, Frederick
>>>>
>>>> Frederick Hirsch
>>>> Nokia
>>>>
>>>> On Jan 13, 2010, at 10:19 AM, ext Harold Lockhart wrote:
>>>>
>>>>> Here is a link, but you have to pay to get more than the abstract.
>>>>>
>>>>> http://www.springerlink.com/content/26vljj3xhc28ux5m/
>>>>>
>>>>> Hal
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com]
>>>>>> Sent: Tuesday, January 12, 2010 3:58 PM
>>>>>> To: Harold Lockhart
>>>>>> Cc: Frederick Hirsch; public-xmlsec@w3.org
>>>>>> Subject: Re: Reference for SHA-1 being broken
>>>>>>
>>>>>> thanks. Is there a URL?
>>>>>>
>>>>>> regards, Frederick
>>>>>>
>>>>>> Frederick Hirsch
>>>>>> Nokia
>>>>>>
>>>>>> On Jan 12, 2010, at 3:45 PM, ext Harold Lockhart wrote:
>>>>>>
>>>>>>> Well Wang's team has published a bunch of papers in 2005 and their
>>>>>>> initial results merely weakened SHA-1, while completely breaking
>>>>>>> MD-5. However this seems to be the paper which convinced everybody
>>>>>>> that SHA-1 had to be phased out in fairly short order:
>>>>>>>
>>>>>>> Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1.
>>>>>>> In Shoup, V., editor, Advances in Cryptology - CRYPTO 2005, 25th
>>>>>>> Annual International Cryptology Conference, Santa Barbara,
>>>>>>> California, USA, August 14-18, 2005, Proceedings, volume 3621 of
>>>>>>> LNCS, pages 17–36.
>>>>>>> Springer, 2005.
>>>>>>>
>>>>>>> Hal

Received on Wednesday, 13 January 2010 20:10:07 UTC