pgpfan:no_new_ae
Differences
pgpfan:no_new_ae [2024/01/29 13:08] – [OCFB-MDC uses the insecure SHA1 hash. Therefore OCFB-MDC is insecure] stronger reference, stronger point b.walzer | pgpfan:no_new_ae [2024/01/29 13:21] (current) – [OCFB-MDC uses the insecure SHA1 hash. Therefore OCFB-MDC is insecure] More specific. b.walzer | ||
---|---|---|---|
Line 117: | Line 117: | ||
>It does not rely on a hash function being collision-free, | >It does not rely on a hash function being collision-free, | ||
- | So the currently known SHA1 collision weakness does not affect the security of OCFB-MDC in any way. OCFB-MDC prevents an attacker from getting access to the computed hash and the ability | + | So the currently known SHA1 collision weakness does not affect the security of OCFB-MDC in any way. OCFB-MDC prevents an attacker from getting access to the computed hash or even to generate |
I understand that the mere presence of something called SHA1 can cause problems in some situations, but such restrictions are not rational. If this is actually a problem then I suggest that the SHA1 used for OCFB-MDC be renamed to something like "The MDC Hash" and be respecified to only provide irreversability. | I understand that the mere presence of something called SHA1 can cause problems in some situations, but such restrictions are not rational. If this is actually a problem then I suggest that the SHA1 used for OCFB-MDC be renamed to something like "The MDC Hash" and be respecified to only provide irreversability. |
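Review bot: The added wording on the changed line, "prevents an attacker from getting access to the computed hash or even to generate", is not parallel; after "prevents an attacker from" it should read "or even from generating". The same line says the SHA1 collision weakness does not affect OCFB-MDC "in any way", which rests entirely on the quoted line above it ("It does not rely on a hash function being collision-free"). It would be stronger to name the property that is relied on here, since the next paragraph only gets to it at the end with "only provide irreversability". That word should also be spelled "irreversibility".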
pgpfan/no_new_ae.txt · Last modified: 2024/01/29 13:21 by b.walzer