Since I last wrote about the problem with hashes, there has been a fair bit of activity and some progress:
- An internet draft is available describing the nature of the attacks on hash functions, and how different internet applications are affected.
- According to the OpenSSL changes file, additional hash algorithms are going to be supported in version 0.9.8. There is no indication of a date for that release, though.
- Don Eastlake's internet draft on Additional XML Security Uniform Resource Identifiers (URIs) has progressed to its final status as RFC4051.
I have updated my previous article to reflect this.
[Updated 20051030 with latest URL for the Hoffman draft.]