Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: In case y'all didn't catch it yet...
From: Willem Koenings <infsec () gmail com>
Date: Wed, 16 Feb 2005 23:37:16 +0200

On Wed, 16 Feb 2005 09:27:45 -0600, Bart.Lansing () kohls com
<Bart.Lansing () kohls com> wrote:

A couple of things to note from mr schneider's blog warning...

His name is Schneier, at least show some respect?


Fact..until it's published and the method handed out and it's replicated
independently, SHA-1 is NOT broken.

Fact..the people posting here missed a fairly important bit of schneider's
blog-post, and I quote:

The paper isn't generally available yet. At this point I can't tell if
the attack is real.

read it again:  >>AT THIS POINT I CAN'T TELL IF THE ATTACK IS REAL.

What I understand from blog, is that Schneier has this paper on his
hands and currently is analysing it. Yes, paper is not publicly
abailable, but he has it. Schneier is very reputable and i'm sure if
he already put a such of warning on his blog, he had every possible
reason to do so.

Of course you and I don't put up tomorrow such a attack, but this is
not a real issue. The real issue is possibility and credibility -
trust.

all the best,

W.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]