[dnssec-deployment] DNSSEC in Russia
Paul Hoffman
paul.hoffman at vpnc.org
Fri Apr 3 10:26:42 EDT 2009
At 2:28 PM +0400 4/3/09, Basil Dolmatov wrote:
>The referred article is a pure example of "impractical" "attack".
Wrong. It is a pure example of a weakening of the GOST hash function that has not been shown for SHA2. It is certainly impractical; if it were practical, GOST would have been replaced by now. Note that all of the attacks on SHA-1 are impractical in that not a single one has been realized in the real world; nonetheless, we are moving away from SHA-1. It is up to each organization to decide whether or not to use crypto that has been shown to be in theory weaker than other crypto. There are risks to keeping with the current crypto, and there are large operational costs with abandoning it.
--Paul Hoffman, Director
--VPN Consortium
More information about the Dnssec-deployment
mailing list