You received this message because you are subscribed to the Google Groups "cap-talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cap-talk+unsubscribe@googlegroups.com.
To post to this group, send email to cap-...@googlegroups.com.
Visit this group at https://groups.google.com/group/cap-talk.
To view this discussion on the web visit https://groups.google.com/d/msgid/cap-talk/CABHxS9jjiU1uf_ns19%2BEcqJ6QUpj_RRiToOX%2B7N7sHvBZtL63w%40mail.gmail.com.
Do you mean that you have not considered VaTP secure for some time? Or that this new info convinces you that it's not secure?
Also, do you mean that there's some sort of line, with secure protocols on one side and insecure on the other? Surely security is a matter of degree. Very few things are secure against an attacker willing to spend 100 GPU-years to forge a message.
Quoting Mark Miller (2017-02-24 14:40:54)
> The new info.
The new info isn't really an earth-shattering revelation; SHA-1 has been
a very rickety bridge for some time. NIST deprecated it 6 years ago, and
folks had done the math re: how much compute it would take to find a
collision with known techniques. We knew this was coming.
I haven't looked closely enough at how the protocol uses SHA-1 to know
how devastating or not a collision attack would be. For anyone using it,
there should be efforts to move to a safer hash. But that's been true
for a while.
Unfortunately, ignoring warning signs and waiting until a crypto
protocol snaps in two is all too common.
-Ian
Note that Cap'n Proto at present doesn't specify any encryption, thus vacuously avoids using any broken crypto. (We suggest layering it on top of TLS for the time being.)

Someday I hope to specify an official Cap'n Proto crypto transport based on the Noise protocol framework and choosing ChaCha20, Poly1305, BLAKE2, and X25519 as primitives. The goal in choosing something other than TLS would be to achieve zero-round-trip 3-party handoff via a pre-shared key provided by the introducer.

-Kenton
On Fri, Feb 24, 2017 at 12:37 PM, Mark Miller <eri...@gmail.com> wrote: