[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure Hash Standard (SHS/SHA) Broken by NSA



Jim Gillogly Says
>       NIST ANNOUNCES TECHNICAL CORRECTION TO SECURE HASH STANDARD
>       -----------------------------------------------------------
>
>   The National Institute of Standards and Technology today announced it
>   will initiate a technical modification to a computer security standard
>   used to support the authentication of electronic messages.  The
>   revision will correct a minor flaw that government mathematicians
>   discovered in a formula that underlies the standard.
>
>   ... remains a highly secure way to ensure integrity of ...
>   NIST expects that products implementing the current standard can be
>   used until the technical correction becomes effective.
>
>   Researchers at the National Security Agency, who developed the formula
>   and discovered the flaw in a continuing evaluation process, now believe
>   that although the forumla in FIPS 180 is less secure than originally
>   thought, it is still extremely reliable as a technical computer
>   security mechanism.  The discovery of this flaw indicates the value of
>   continued research on existing and new standards.

So, have they mentioned what the problem was, or how to fix it?

--------------------------------------------------
Lance Cottrell  who does not speak for CASS/UCSD
[email protected]
PGP 2.3 key available by finger or server.

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche