[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] In case y'all didn't catch it yet...
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] In case y'all didn't catch it yet...
- From: Willem Koenings <infsec@xxxxxxxxx>
- Date: Wed, 16 Feb 2005 23:37:16 +0200
On Wed, 16 Feb 2005 09:27:45 -0600, Bart.Lansing@xxxxxxxxx
<Bart.Lansing@xxxxxxxxx> wrote:
>
> A couple of things to note from mr schneider's blog warning...
His name is Schneier, at least show some respect?
> Fact..until it's published and the method handed out and it's replicated
> independently, SHA-1 is NOT broken.
>
> Fact..the people posting here missed a fairly important bit of schneider's
> blog-post, and I quote:
>
> >>The paper isn't generally available yet. At this point I can't tell if
> the attack is real.
>
> read it again: >>AT THIS POINT I CAN'T TELL IF THE ATTACK IS REAL.
What I understand from blog, is that Schneier has this paper on his
hands and currently is analysing it. Yes, paper is not publicly
abailable, but he has it. Schneier is very reputable and i'm sure if
he already put a such of warning on his blog, he had every possible
reason to do so.
Of course you and I don't put up tomorrow such a attack, but this is
not a real issue. The real issue is possibility and credibility -
trust.
all the best,
W.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html