Charles Mills wrote:

>I suspect you've got a problem, however. There's a saying in sales "when you
>explain, you lose." I can hear auditors saying "SHA-1 -- no good -- security
>exposure" and I would not want to be the one explaining what you say below
>to them.
>
>Perhaps I underestimate IT auditors. I just know the "buzzword kneejerk"
>problem.

I reluctantly have to support this position (not because I don't generally
agree with Charles, but because it flies in the face of reason).

"Trouble is, sheep are very dim. Once they get an idea in their 'eads,
there's no shiftin' it." Same applies to far too many auditors/QSAs/et al.

SHA-1 is dead; "good enough" or not, there's no reason to use it any more,
given that SHA-2 (and, hey, SHA-3!) exist, eh?

.phsiii

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
