| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: infsec at gmail.com (Willem Koenings) Subject: In case y'all didn't catch it yet... On Wed, 16 Feb 2005 09:27:45 -0600, Bart.Lansing@...ls.com <Bart.Lansing@...ls.com> wrote: > > A couple of things to note from mr schneider's blog warning... His name is Schneier, at least show some respect? > Fact..until it's published and the method handed out and it's replicated > independently, SHA-1 is NOT broken. > > Fact..the people posting here missed a fairly important bit of schneider's > blog-post, and I quote: > > >>The paper isn't generally available yet. At this point I can't tell if > the attack is real. > > read it again: >>AT THIS POINT I CAN'T TELL IF THE ATTACK IS REAL. What I understand from blog, is that Schneier has this paper on his hands and currently is analysing it. Yes, paper is not publicly abailable, but he has it. Schneier is very reputable and i'm sure if he already put a such of warning on his blog, he had every possible reason to do so. Of course you and I don't put up tomorrow such a attack, but this is not a real issue. The real issue is possibility and credibility - trust. all the best, W.
Powered by blists - more mailing lists