02-19-06 01:22 PM
On Fri, 17 Feb 2006 16:11:42 GMT
Robert J. Hansen <rjh@sixdemonbag.org> Wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I'm sitting in an auditorium at the NSF CyberTrust Workshop being held
in Menlo Park, California. My advisor's plane got grounded in O'Hare
due to the recent snowstorm and so he's unable to attend. I'm sitting
in his place, with Ron Rivest on one side of me, Avi Rubin one seat past
him, David Wagner further on down, with Josh Benaloh rounding out the
crop. I have never before felt so insignificant in the world of
computer security.

I struck up a conversation with various and sundry people over lunch,
asking people from NIST and people well-known for their involvement in
crypto and hash functions questions about when we were going to see
DSS-2... after all, shouldn't it have come out some time ago?

So far the unanimous answer has been "DSS-2? What? Nobody told me
about that."

Nobody, literally _nobody_ is aware of any current work on DSS-2. I've
been referred to something called Suite B, which is a new DoD standard
for digital signatures incorporating ECC and other more recent
developments, but there's been nothing about any extensions or revisions
to DSS.

Please note that I am _not_ saying DSS-2 is nonexistent. All that I'm
saying is that the people who I would expect to be following DSS-2 have
literally never heard of it.

Other news: Rivest says that the SHA-2 series "appear immune" to the
SHA-1 attack. He immediately qualified that statement by saying that
the SHA-1 attack was very surprising and he wasn't ruling out the
possibility of other very surprising attacks against the SHA-2 family;
however, for the moment, the SHA-2 family is the best game in town. I
asked him if the SHA-2 family were a long-term solution given that it's
a FIPS, and his response was (understandably) ambivalent--it amounted to
"its term is until someone finds a good attack against it, whenever that
is". I asked about future developments in hash functions, and he
indicated things were moving very slowly and we shouldn't expect any new
FIPS for another couple of years.

The conference is going well, but I'm unable to comment on its content.
More stuff later.

Obligatory legalese: *Ask me for permission before you reprint this
elsewhere*.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
-----END PGP SIGNATURE-----
sheeeiiit, you think you gonna git them XXX wipes to git widda new ting like
DSS-2 when most of 'em won't even put away outdated pgp2.6.3?
i sho glad you da won crakin yo head agin the wall stead 'o me!
ma head hurt to much to try dat anymore
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified.