On Fri, 18 Feb 2005, Jakob Hirsch wrote:
> From: Jakob Hirsch <jh@???>
> Resent-From: D.H.Davis@???
> To: 'Exim-users' <exim-users@???>
> Date: Fri, 18 Feb 2005 16:51:23 +0100
> Subject: [exim] CRAM-MD5 with Courier authdaemon (with one wishlist suggestion
> and a security question)
...
> Even though everybody now thinks SHA-1 is insecure...

Not quite. See:

http://www.financialcryptography.com/mt/archives/000355.html

which includes the comment:

"it seems that Schneier forgot to mention that the paper has a footnote
which says that the attack on full SHA-1 only works if some padding
(which SHA-1 requires) is not done."

It seems that the attack weakens full SHA-1 without the padding and
reduced round versions of SHA-1. The results look important and perhaps
can be improved. But for practical purposes I think I'll stick with SHA-1
rather than reverting to MD5. No panic yet, certainly not for the low-key
uses I need!
--
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@??? Phone: +44 1225 386101