Ballot 164 statement of intent is pretty clear: (arbitrary) 64 bit of randomness was needed to defeat collisions in broken MD5.
With SHA2, the missing 1 bit does not seem to have any impact on the possible collisions. But BRs are not to be interpreted, just to be applied to the letter, whether it makes sense or not. When it no longer makes sense, the wording can be improved for the future. PS replacing handful of certs within 5 days is fairly easy; replacing thousands (or millions, as we find out) is much less likely. Should BRs account for that? On Friday, March 8, 2019 at 2:47:27 AM UTC+1, Peter Gutmann wrote: > 0. Given that the value of 64 bits was pulled out of thin air (or possibly > less well-lit regions), does it really matter whether it's 63 bits, 64 > bits, 65 3/8th bits, or e^i*pi bits? > > Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
