[Standards] [Fwd: [Council] meeting minutes, 2007-11-21]
dave at cridland.net
Thu Nov 22 15:42:07 UTC 2007
On Thu Nov 22 00:04:29 2007, Joe Hildebrand wrote:
> As an aside (not meant to derail the process, because, again, I
> don't care what the algorithm is), I don't agree that SHA-1 is
> unsound for this use. It would mean that someone was able to pick
> plaintext that had a given hash,

No it wouldn't. :-)

> but still made sense as valid XML. The chances of that still
> seem... remote.

But this is still true, irregardless. Most collision attacks are
based on finding a place to add more or less random junk, and that
would, presumably, go for preimage attacks, too, if there were any.
The more structured the message has to be to be considered genuine,
the harder it is to mount a preimage attack. (Or collision attack.)
See Section 2.1 of RFC4270, second paragraph.

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade