Steven M. Bellovin wrote:
So -- what should we as a community be doing now? There's no emergency on SHA1, but we do need to start, and soon.
The wider question is how to get moving on new hash algorithms. That's a bit tricky.
Normally we'd look to see NIST or the NESSIE guys lead a competition. But NESSIE just finished a comp, and may not have the appetite for another. NIST likewise just came out with SHA256 et al, and they seem to have a full work load as it is trying to get DSS-2 out.
How about the IACR? Would they be up to leading a competition? I don't know them at all myself, but if the Shandong results are heard at IACR conferences, then maybe it's time to take on a larger role.
Most of the effort could be volunteer, and it would also be easy enough to schedule everything aligned with the conference circuit.
Just a thought. Anyone know anyone at the IACR?
iang -- News and views on what matters in finance+crypto: http://financialcryptography.com/
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]