lance james <lan...@securescience.net> writes:
> stupid question - does this affect IPSec realistically as well?

IPSec and IPSec-related protocols like IKE use SHA-1 in various places. Whether those actually could be attacked using the known weaknesses in SHA-1 would require detailed examination of the individual protocols.

In general, uses that require only preimage resistance are not yet at risk; those that require collision resistance are. However, as has been seen in the MD5-based fake CA attack, sufficiently clever people can sometimes come up with ways to turn something that appears to depend on preimage resistance into something that really only depends on collision resistance.

This is all another way of saying "no reason to panic, but moving to things that use SHA-2 instead of SHA-1 would be a good idea".

Perry