|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: potential hazards of Protect-America act
I think I need to eat crow on the MD5 comment -- I was confused with SHA, which although has been attacked, is still holding up: http://www.schneier.com/blog/archives/2007/01/sha1_cracked.html Frank -----Original Message----- From: Steven M. Bellovin [mailto:[email protected]] Sent: Tuesday, January 29, 2008 9:13 PM To: [email protected] Cc: [email protected]; [email protected] Subject: Re: potential hazards of Protect-America act On Tue, 29 Jan 2008 20:28:05 -0600 "Frank Bulk" <[email protected]> wrote: > > Pretty good in the generalities, but there are few finer technical > points that could be been precisely and accurately stated. One that > comes to mind was the MD5 reference, another was the "50% loss" when > talking about performing an optical split. > Speaking as one of the authors, we did our best. (But what do you mean about MD5? That was taken straight from the FOIAed FBI documents, and from conversations with people in law enforcement I'm quite certain that MD5 is still used -- inappropriately! -- in sensitive places.) --Steve Bellovin, http://www.cs.columbia.edu/~smb
|