[or-cvs] [tor/master] Remove some stuff from the SHA-1 paragraph.

Nick Mathewson nickm at seul.org
Fri May 8 16:52:41 UTC 2009 

Author: Nick Mathewson <nickm at torproject.org>
Date: Fri, 8 May 2009 12:49:15 -0400
Subject: Remove some stuff from the SHA-1 paragraph.
Commit: 183b5905bb58c8ce21cc25d8c97193e699cb767a

We don't need to explain the difference between 2nd preimage and
collision: anybody who doesn't know can use wikipedia.
---
 doc/spec/proposals/ideas/xxx-what-uses-sha1.txt |   20 ++++++++------------
 1 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/doc/spec/proposals/ideas/xxx-what-uses-sha1.txt b/doc/spec/proposals/ideas/xxx-what-uses-sha1.txt
index 10ada5f..b3ca3ee 100644
--- a/doc/spec/proposals/ideas/xxx-what-uses-sha1.txt
+++ b/doc/spec/proposals/ideas/xxx-what-uses-sha1.txt
@@ -75,18 +75,14 @@ Triage
           SHA-1 usage that depends on collision resistance
           and doesn't need the attacker to have any special keys.
 
-   There is no need to put much effort into fixing PREIMAGE and 
-   SECOND PREIMAGE usages in the near-term: while SHA-1 is 
-   theoretically broken with regards to those attacks, no practical 
-   attack has been published as far as we know. The difference 
-   between finding any collisions and finding a second preimage is 
-   like the difference between finding any two people with the same 
-   birthday and finding someone with the same birthday as you 
-   personally.  To fix COLLISION<code-signing> usages is not too 
-   important either, since anyone who has the key to sign the code 
-   can mount far worse attacks.  It would be good to fix 
-   COLLISION<authority> usages, since we try to resist bad authorities 
-   to a limited extent.  The COLLISION usages are the most important 
+   There is no need to put much effort into fixing PREIMAGE and SECOND
+   PREIMAGE usages in the near-term: while there have been some
+   theoretical results doing these attacks against SHA-1, they don't
+   seem to be close to practical yet.  To fix COLLISION<code-signing>
+   usages is not too important either, since anyone who has the key to
+   sign the code can mount far worse attacks.  It would be good to fix
+   COLLISION<authority> usages, since we try to resist bad authorities
+   to a limited extent.  The COLLISION usages are the most important
    to fix.
 
    Kelsey and Schneier published a theoretical second preimage attack 
-- 
1.5.6.5

More information about the tor-commits mailing list