nanog mailing list archives
Re: SHA1 collisions proven possisble
From: Royce Williams <royce () techsolvency com>
Date: Wed, 1 Mar 2017 20:25:18 -0900
On Wed, Mar 1, 2017 at 7:57 PM, James DeVincentis via NANOG <nanog () nanog org> wrote: [ reasonable analysis snipped :) ]
With all of these reasons all wrapped up. It clearly shows the level of hype around this attack is the result of sensationalist articles and clickbait titles.
I have trouble believing that Sleevi, Whalley et al spent years championing the uphill slog of purging the global web PKI infrastructure of SHA-1 to culminate in a flash-in-the-pan clickbait party. Instead, consider how long it has historically taken to pry known-to-be-weak hashes and crypto from entrenched implementations. If this round of hype actually scares CxOs and compliance bodies into doing The Right Thing in advance ... then the hype doesn't bother me in the slightest. Royce
Current thread:
- Re: SHA1 collisions proven possisble James DeVincentis via NANOG (Mar 01)
- Re: SHA1 collisions proven possisble Matt Palmer (Mar 01)
- RE: SHA1 collisions proven possisble james.d--- via NANOG (Mar 01)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Mar 01)
- Re: SHA1 collisions proven possisble James DeVincentis via NANOG (Mar 01)
- Re: SHA1 collisions proven possisble Nick Hilliard (Mar 01)
- Re: SHA1 collisions proven possisble Matt Palmer (Mar 01)
- Re: SHA1 collisions proven possisble James DeVincentis via NANOG (Mar 01)
- Re: SHA1 collisions proven possisble Royce Williams (Mar 01)
- Re: SHA1 collisions proven possisble Jimmy Hess (Mar 02)
- Re: SHA1 collisions proven possisble valdis . kletnieks (Mar 02)
- RE: SHA1 collisions proven possisble james.d--- via NANOG (Mar 01)
- Re: SHA1 collisions proven possisble James DeVincentis via NANOG (Mar 01)
- Re: SHA1 collisions proven possisble Peter Kristolaitis (Mar 01)
- Re: SHA1 collisions proven possisble Matt Palmer (Mar 01)