| 1 |
On Fri, Oct 20, 2017 at 11:23 AM, Ulrich Mueller <ulm@g.o> wrote: |
| 2 |
|
| 3 |
> >>>>> On Fri, 20 Oct 2017, Dirkjan Ochtman wrote: |
| 4 |
> |
| 5 |
> > As Hanno was saying, we'll have decades of warning before a break |
| 6 |
> > becomes practical, so I don't think this is a real concern. |
| 7 |
> |
| 8 |
> How can we be sure of that? I guess the same reasoning was applied |
| 9 |
> when MD5 and SHA1 hashes were used. |
| 10 |
> |
| 11 |
|
| 12 |
Yeah, and it actually did happen that way. Typically before preimage |
| 13 |
attacks (which are what we really care about here, as far as I understand |
| 14 |
it) happen there are several other types of attacks that will happen first, |
| 15 |
and that will provide advance warning about the level of security provided |
| 16 |
by SHA2. |
| 17 |
|
| 18 |
Cheers, |
| 19 |
|
| 20 |
Dirkjan |
Archives