“A nearly impenetrable thicket of geekitude…”

More on Hashes

Since I last wrote about the problem with hashes, there has been a fair bit of activity and some progress:

  • An internet draft is available describing the nature of the attacks on hash functions, and how different internet applications are affected. [2018-03-02: This became RFC 4270.]
  • According to the OpenSSL changes file, additional hash algorithms are going to be supported in version 0.9.8. There is no indication of a date for that release, though.
  • Don Eastlake’s internet draft on Additional XML Security Uniform Resource Identifiers (URIs) has progressed to its final status as RFC 4051.

I have updated my previous article to reflect this.

[2018-03-02: The Hoffman draft is now RFC 4270.]