In message <[EMAIL PROTECTED]>, Steven D'Aprano wrote: > On Sun, 09 Sep 2007 18:53:32 +1200, Lawrence D'Oliveiro wrote: > >> In message <[EMAIL PROTECTED]>, Paul Rubin wrote: >> >>> Lawrence D'Oliveiro <[EMAIL PROTECTED]> writes: >>> >>>> Except that the NSA's reputation has taken a dent since they failed to >>>> anticipate the attacks on MD5 and SHA-1. >>> >>> NSA had nothing to do with MD5 ... >> >> Nevertheless, it was their job to anticipate attacks on it. After all, >> they call themselves the "National _Security_ Agency", don't they? > > The NSA has many jobs, and doing public research in crypto is only one of > them -- and a particularly small one at that. For all we know, they had > an attack on MD5 ten years before anyone else and didn't tell anyone > because keeping it secret made it useful for one of their other jobs.
Yes, but they're supposed to look after US _National_ security, not their own security. Since people in strategic jobs make so much use of hash functions in crypto, that means it is most certainly an important part of the NSA's function to ensure that there are good hash functions available. They've fallen down on that job. >>> ... and it's to NSA's credit that SHA-1 held up for as long as it did. >> >> But they have no convincing proposal for a successor. That means the gap >> between the classified and non-classified state of the art has shrunk >> down to insignificance. > > I don't see how that follows. Because previously, the NSA has done things that it took open researchers years, even decades, to figure out. But not any more. -- http://mail.python.org/mailman/listinfo/python-list
