[Dnssec-deployment] Starting with SHA1?
Ondřej Surý
ondrej.sury at nic.cz
Thu Aug 5 03:59:54 EDT 2010
Paul,
On 5.8.2010 01:27, Paul Hoffman wrote:
> At 1:12 AM +0200 8/5/10, Ondrej Filip wrote:
>>> I believe, this article could be interesting for you. It was
>>> discovered by one Czech colleague. This was exactly the reason we
>>> made a last minute change from SHA-256 to SHA-512.
>>
>> And here is the link - http://eprint.iacr.org/2010/430
>
> Maybe you misread the paper. It says "Our attack reduces the
> collision search, from the generic bound of 2^(n/2) to 2^(n/2-k/2)
> number of hash calls, where hashing is done over messages of length
> 2^k blocks." It is unlikely (actually, impossible) that any of your
> DNS records will be 2^256 bits long.
Correct me if I am wrong, but I don't think you need 2^256 messages long
(n != k).
For example, if I have an RRSet 2^13 bits long (approx. what .CZ has for DNSKEY
RRSIG now), then the collision search is reduced to 2^((256/2)-(13/2)),
i.e. to 2^122.
And it gets worse for TXT records, which can grow bigger, doesn't it?
Ondrej
--
Ondřej Surý
vedoucí výzkumu/Head of R&D department
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.sury at nic.cz http://nic.cz/
tel:+420.222745110 fax:+420.222745112
-------------------------------------------