mrd

Leveraging synergy in this championship year
Michael Davies' Blog

Michael Davies
michael [at] the-davies.net
GPG Id: 0x0AA9D6FC
RSS feed.

No Software Patents




Local
  chicago
  docs
  photo blog
  planet
  site-index
  software

News
  lwn
  /.
  linuxtoday
  kernel traffic
  theregister
  abc
  bom
  

Software
  sourceforge
  savanna
  tigris
  ibiblio
  freshmeat
  tridge's junkcode
  Software Development wiki
  My Software
  

Utility
  Free DNS
  absolute truth
  google
  wikipedia
  convert currency
  convert time
  convert tongues
  convert temperature
  convert temperature (2)
  linux man pages
  thesaurus
  dictionary
  acronyms
  street maps downunder
  street maps usa
  toilets downunder
  


My Amazon Wishlist

www.flickr.com

Powered by PyBlosxom

Copyright © 2003, 2004, 2005, 2006, 2007, 2008 Michael Davies,
All Rights Reserved.
All opinions are mine only.

SHA-1 not considered safe

So I don't know how I missed this:

Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010

Both MD5 and SHA-1 aren't safe as previously mentioned - but having an advisory indicating that you should stay away from SHA-1-series algorithms is biting.

Here's a paper on the implications on S/MIME, TLS and IPSEC. This is something that really should be considered soon.

| 21 Jan 2007 | #

 

This web page is optimised for standards.
If this page renders poorly, upgrade to a standards-compliant browser (like Firefox).
This page is Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Michael Davies. All Rights Reserved.