well, the article is talking about an attack on client certificates it seems, but the top comment from yuhong bao is talking about handshake hashes. hmm.
looks like it came out of the same research that produced logjam. also looks like the media/internet chatterers don't really understand it and it just pushed the hot button "SHA1 is crap" issue.
"We now demonstrate weaknesses in these constructions and show how they can be exploited to mount practical transcript collision attacks on real-world clients and servers."
"In TLS versions before 1.2, the default hash function is a concatenation of MD5 and SHA-1 and hence requires computing 2^77 MD5 and SHA-1 hashes. In TLS 1.2, if the signature uses SHA-1, the cost is 2^77 hashes. Remarkably, TLS 1.2 also allows RSA-MD5 signatures, and for such signatures, the cost of the collision is only 2^39 MD5 hashes."
they have a different idea of practical to me. and that only applies to client certs, which basically no one uses.
"That ambitious privacy toolset aside, Chaum is also building into PrivaTegrity another feature that's sure to be far more controversial: a carefully controlled backdoor that allows anyone doing something generally recognized as evil to have their anonymity and privacy stripped altogether."
facepalm
proslogion joined the channel
proslogion
waxwing: 2^77 SHA-256 is way more practical than 2^77 SHA1 ;)
waxwing
heh, good point
SHA1 all the things immediately
chaum apparently has lost his marbles. or the NSA put something in his tea.
otoh digicash ... enough said i guess
proslogion
well since when did Chaum have marbles....
a bit harsh, sorry
waxwing
yeah, i think it might actually be fair, don't worry :)
i sometimes forget that genius is often accompanied by severe eccentricity.
proslogion
yeah Ars Technica goes for click-baiting
a shame
more on Chaum: it's exactly why, IMO, people can't just push for large blocksizes because they want "success" of some sort; once they accomplish this, the authorities can point to this as an example: "look, it shows that we can have some leadership answerable to us and make the entire community follow suit, we have been fooled all along"
waxwing
sure. i have occasionally tried to make the argument that the real urgency with bitcoin is to freeze it, no matter how bad the current design. but i don't think either camp likes that argument :)