Re: SHA-0 Broken
From: Bernard Aboba (abobainternaut.com)
Date: Tue, 17 Aug 2004 13:03:12 -0400 (EDT)
> First, is TLS affected by this vulnerability? This idea came to mind
> since the PRF relies on the abovementioned (semi-)broken cryptographic
> algorithms.
>
> PRF(secret, label, seed) =
> P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed);

My understanding is that this PRF was used in part so that it would only
be compromised if *both* MD5 and SHA-1 were broken.

> Second, are EAP methods, that make use of TLS, subsequently
> threatened?

If SHA-1 were broken, this would be a problem not only for TLS, but also for
any other key management protocol that uses a PRF based on SHA-1.  But
that hasn't happened yet.
