[Dnssec-deployment] Starting with SHA1?

Paul Hoffman paul.hoffman at vpnc.org
Thu Aug 5 09:24:54 EDT 2010

At 9:59 AM +0200 8/5/10, Ondřej Surý wrote:
>On 5.8.2010 01:27, Paul Hoffman wrote:
>>At 1:12 AM +0200 8/5/10, Ondrej Filip wrote:
>>>>I believe, this article could be interesting for you. It was
>>>>discovered by one Czech colleague. This was exactly the reason we
>>>>made a last minute change from SHA-256 to SHA-512.
>>>And here is the link - http://eprint.iacr.org/2010/430
>>Maybe you misread the paper. It says "Our attack reduces the
>>collision search, from the generic bound of 2^(n/2) to 2^(n/2-k/2)
>>number of hash calls, where hashing is done over messages of length
>>2^k blocks." It is unlikely (actually, impossible) that any of your
>>DNS records will be 2^256 bits long.
>Correct me if I am wrong, but I don't think you need 2^256 messages long (n != k).

I believe you are wrong, but you should ask the paper's authors. The Kelsey & Schneier paper they refer to, using the same-sized parameters, only applies to horrendously large messages.

--Paul Hoffman, Director
--VPN Consortium
