On Thu, 17 Feb 2005, Craig J. Lindstrom wrote:

> Security is all about probabilities anyway. There are an infinite number of
> collisions for every hash value. This does not make hashing useless. It
> appears that SHA-1 is not as "strong" as was thought. Big deal, no one ever
> believed it was that strong anyway. So go to SHA-256 or SHA-512. They are
> both better (as far as we know) but neither will prevent collisions. The
> point is, at what level are you comfortable with your security?

Sigh. It IS a big deal. People DID think that SHA-1 was secure until quite recently. That's why it was a NIST standard. It has nothing to do with preventing collisions from existing. It has everything to do with making them too hard to find. The point is often what level of security you're comfortable with, but in this case it's "are you comfortable using a broken system", and since you're on the UUG and not the Windows user group list, I presume the answer is no.

> Throughout history every time a locksmith builds a better lock, a thief
> eventually acquires the skills to pick it. No surprise here. We just move
> on, and build a better lock.

It is unsurprising when a new algorithm is broken. It is much more surprising when a hash function endorsed by NIST and beaten on for many years falls. That's what's happened here. 3DES and RSA have stood for 20 years now, and hopefully we'll find a new hash function that will last along with them.

> My point is that the world as we know it has not ended. Sure we need to be
> aware of things, and take appropriate action. But don't quit locking the
> door just because someone can break in, most people can't or won't.
> On another point, if you are concerned about security why would anyone use
> a self-made PGP key? It is not trustworthy by nature. Sort of like making
> your own social security card.
> Security is a many layered beast. We just make it hard enough that it is
> improbable to get at whatever we are protecting. It is never impossible.
> Also you have to consider cost, you should not spend more on security than
> the value of that which you are securing. Granted the "value" of many
> things is hard to ascertain. Remember layers upon layers.

Thanks for teaching us this important lesson about security. Being as the topic is the apparent discovery of collisions in the SHA-1 hash, though, perhaps you and the other pundits could have checked your facts a little better on that topic before proclaiming that the world is a safe place and that we need not pay any mind to what the actual security researchers are saying.

To answer your question about PGP, it's every bit as secure as SSL or SSH in the scenario where you personally verify the fingerprints of the keys you receive. For people you don't know personally, it uses a decentralized web of trust, rather than the trusted-CA model used by SSL. (SSH doesn't bother with either, and expects you to verify each fingerprint manually.)

The 'pedia knows all: http://en.wikipedia.org/wiki/Web_of_trust

You can even see a picture of the keysigning party we did in CS465: http://en.wikipedia.org/wiki/Keysigning_party

-J

--------------------
BYU Unix Users Group http://uug.byu.edu/
The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
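The distinction J draws above, that collisions always exist and the only question is how much work it takes to find one, is easy to see with a generic birthday search. The following is an added illustration, not code from the thread or from any of the SHA-1 papers it refers to: it truncates SHA-256 to a chosen number of bits purely so the search finishes in seconds (the truncation and the "message-%d" inputs are constructed for the example), then hashes distinct messages until two share a value. For an n-bit output the expected cost is on the order of 2^(n/2) hashes, which is why a 160-bit hash was supposed to cost about 2^80 work to collide; the February 2005 result discussed in the thread mattered because it found a way to do better than that generic bound, not because it showed collisions exist.

```python
import hashlib
from typing import Dict, Tuple


def truncated_sha256(msg: bytes, bits: int) -> int:
    """Return the leading `bits` bits of SHA-256(msg) as an integer.

    Truncating a strong hash is only a stand-in for a weak one here: it
    shrinks the output space so the birthday search below completes quickly,
    but the shape of the attack is the same for any n-bit hash.
    """
    if not 1 <= bits <= 256:
        raise ValueError("bits must be between 1 and 256")
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)


def birthday_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """Generic birthday attack on the truncated hash.

    Hashes deterministic, distinct messages ("message-0", "message-1", ...,
    constructed inputs for the example) and stops at the first repeated
    value. Returns (m1, m2, hashes_computed). Expected hashes_computed is
    about sqrt(pi/2) * 2**(bits/2), independent of how the hash is built.
    """
    seen: Dict[int, bytes] = {}
    i = 0
    while True:
        msg = b"message-%d" % i
        h = truncated_sha256(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def is_truncated_collision(m1: bytes, m2: bytes, bits: int) -> bool:
    """True when m1 and m2 differ but agree on the leading `bits` bits."""
    return m1 != m2 and truncated_sha256(m1, bits) == truncated_sha256(m2, bits)


def full_digests_differ(m1: bytes, m2: bytes) -> bool:
    """The colliding pair only collides on the truncated output; the full
    256-bit digests still differ, which is the whole point of output length."""
    return hashlib.sha256(m1).digest() != hashlib.sha256(m2).digest()


if __name__ == "__main__":
    # Watch the work factor roughly quadruple each time the output grows
    # by 4 bits: about 2^(n/2) hashes for an n-bit hash.
    for bits in (16, 20, 24, 28, 32):
        m1, m2, n = birthday_collision(bits)
        assert is_truncated_collision(m1, m2, bits)
        assert full_digests_differ(m1, m2)
        print(f"{bits:2d}-bit output: collision after {n:6d} hashes "
              f"(2^{bits / 2:.0f} = {2 ** (bits / 2):.0f} expected) "
              f"{m1.decode()} vs {m2.decode()}")
```

Run it and the attempt counts track 2^(n/2) closely; extrapolating the same curve to 160 bits gives the 2^80 figure that SHA-1 was designed around, and to 256 bits the 2^128 that makes SHA-256 a reasonable replacement until someone finds a shortcut for it too. What the search cannot do is say anything about the structure of the hash: a cryptanalytic attack like the one announced for SHA-1 exploits the compression function to beat this bound, and no amount of "collisions exist anyway" changes that.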
