More on Hashes

Since I last wrote about the problem with hashes, there has been a fair bit of activity and some progress:

  • An internet draft is available describing the nature of the attacks on hash functions, and how different internet applications are affected.
  • According to the OpenSSL changes file, additional hash algorithms are going to be supported in version 0.9.8. There is no indication of a date for that release, though.
  • Don Eastlake's internet draft on Additional XML Security Uniform Resource Identifiers (URIs) has progressed to its final status as RFC4051.

I have updated my previous article to reflect this.

[Updated 20051030 with latest URL for the Hoffman draft.]