[Standards] [Fwd: [Council] meeting minutes, 2007-11-21]

Dave Cridland dave at cridland.net
Thu Nov 22 15:42:07 UTC 2007


On Thu Nov 22 00:04:29 2007, Joe Hildebrand wrote:
> As an aside (not meant to derail the process, because, again, I
> don't care what the algorithm is), I don't agree that SHA-1 is
> unsound for this use. It would mean that someone was able to pick
> plaintext that had a given hash,

No it wouldn't. :-)

> but still made sense as valid XML. The chances of that still
> seem... remote.

But this is still true, irregardless. Most collision attacks are  
based on finding a place to add more or less random junk, and that  
would, presumably, go for preimage attacks, too, if there were any.

The more structured the message has to be to be considered genuine,  
the harder it is to mount a preimage attack. (Or collision attack.)

See Section 2.1 of RFC4270, second paragraph.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
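The structural constraint argued for above, as an added example that is not part of the thread: a verifier that accepts a SHA-1-digested stanza only if it is well-formed XML with no comment, processing instruction or CDATA section, which removes the usual places where a collision block's random bytes could be parked. The stanza, the comment payload and the random seed are constructed for the example.

```python
import hashlib
import random
import xml.etree.ElementTree as ET

# Constructed sample stanza (not taken from the thread).
STANZA = b'<message to="a@example.net"><body>hello</body></message>'
# Constructed: same stanza with a comment, the obvious place to hide bytes.
STANZA_WITH_COMMENT = (
    b'<message to="a@example.net"><!--Zq3x9Lp--><body>hello</body></message>'
)

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def parses_as_xml(data: bytes) -> bool:
    """Lax check: only requires well-formed XML."""
    try:
        ET.fromstring(data)
        return True
    except ET.ParseError:
        return False

def is_structurally_valid(data: bytes) -> bool:
    """Strict check: well-formed XML with no comment, processing instruction
    or CDATA section (ElementTree drops comments silently, so scan the raw
    bytes). Assumption: this protocol never needs those constructs."""
    if not parses_as_xml(data):
        return False
    return not any(m in data for m in (b'<!--', b'<?', b'<![CDATA['))

def verify(data: bytes, expected_sha1: str) -> bool:
    """Accept a message only if it is structurally valid AND its digest
    matches; a preimage that is not valid XML buys the attacker nothing."""
    return is_structurally_valid(data) and sha1_hex(data) == expected_sha1

def junk_survivors(trials: int, length: int = 16) -> int:
    """Append `length` pseudo-random bytes (standing in for a collision
    block) to the stanza and count how many results pass the strict check."""
    rng = random.Random(2007)  # fixed seed so the result is reproducible
    survivors = 0
    for _ in range(trials):
        junk = bytes(rng.randrange(256) for _ in range(length))
        if is_structurally_valid(STANZA + junk):
            survivors += 1
    return survivors

if __name__ == "__main__":
    print("lax check accepts comment stanza:", parses_as_xml(STANZA_WITH_COMMENT))
    print("strict check accepts it:", is_structurally_valid(STANZA_WITH_COMMENT))
    print("junk survivors out of 500:", junk_survivors(500))
```

The lax check accepts the stanza with the comment while the strict one rejects it, and none of the 500 junk-appended variants survive, which is the extra freedom the attacker loses when genuineness requires structure.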
