[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Should we settle on one SSL implementation?
- From: "Oisin Feeley" <oisin feeley gmail com>
- To: "Development discussions related to Fedora" <fedora-devel-list redhat com>
- Cc: Jesse Keating <jkeating redhat com>
- Subject: Re: Should we settle on one SSL implementation?
- Date: Sat, 27 Oct 2007 12:16:27 -0400
On 10/24/07, Bernardo Innocenti <bernie codewiz org> wrote:
> On 10/24/07 13:09, Alan Cox wrote:
[snip]
> > Which presumably means they'll not be using SHA1 much longer - right ?
>
> Uh? I wasn't aware SHA1 has been broken (at least, not in
> a practically exploitable way).
It hasn't ... yet. But the US government is mandating that it not be
used after 2010, so anyone wanting to be able to fulfill that needs to
plan now how to make the transition:
"March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224,
SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all
applications using secure hash algorithms. Federal agencies should
stop using SHA-1 for digital signatures, digital time stamping and
other applications that require collision resistance as soon as
practical, and must use the SHA-2 family of hash functions for these
applications after 2010."
http://csrc.nist.gov/groups/ST/hash/policy.html
Best wishes,
Oisin Feeley
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]