SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-22-2008, 12:40 PM
| ||||
| ||||
 Re: Question related to the Hash-Algorithms used for the Ports > During a report of the german news-website "Heise.de" experts > (Christian Rechberger and Christophe De Cannihre) on the Crypto2006 (a > conference) talked about at least one practical attack aggainst SHA-1. Are you referring to a collision attack, or a second preimage attack? i.e. can an attacker produce two files with the same SHA-1 hash, or can they construct a file that matches a given SHA-1? There's a huge difference, especially in the case of the ports tree. > The Ports-System uses MD5 and SHA1 wich are both now, at least for > cryptographic experts, brocken and not realy trustfull anymore. So 2 of > 3 Algorithms used by the Ports-System are in fact weak. Again, there's a distinction between the two attacks. A very important one, since a collision attack doesn't really help a would-be ports-tree attacker. > I think one of the Problems is that OpenSSL provides just a wide range > of unsecure HASH-Functons like MD2/4/5 SHA and now also SHA1. > The only algorithm considred as secure is the Ripe-MD (or rmd) > algorithm. says who? > So no matter what you`ll do (as developers of OpenBSD) the question > came up one more time and I think some peoples should start looking for > alternative HASH-Algorithms used in the Ports. And I think people should start looking for secure hash algorithms, period, but that's going to take a while. A LONG while. -kj      |
 |
« Re: Question related to the Hash-Algorithms used for the Ports
|
Re: Question related to the Hash-Algorithms used for the Ports »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
All times are GMT. The time now is 03:34 PM.
