More on Hashes
Since I last wrote about the problem with hashes, there has been a fair bit of activity and some progress:
- An internet draft is available describing the nature of the attacks on hash functions, and how different internet applications are affected. [2018-03-02: This became RFC 4270.]
- According to the OpenSSL changes file, additional hash algorithms are going to be supported in version 0.9.8. There is no indication of a date for that release, though.
- Don Eastlake’s internet draft on Additional XML Security Uniform Resource Identifiers (URIs) has progressed to its final status as RFC4051.
I have updated my previous article to reflect this.
[2018-03-02: The Hoffman draft is now RFC 4270.]