SHA1 collisions proven possisble

Royce Williams royce at
Thu Mar 2 05:25:18 UTC 2017

On Wed, Mar 1, 2017 at 7:57 PM, James DeVincentis via NANOG
<nanog at> wrote:

[ reasonable analysis snipped :) ]

> With all of these reasons all wrapped up. It clearly shows the level of hype around this attack is the result of sensationalist articles and clickbait titles.

I have trouble believing that Sleevi, Whalley et al spent years
championing the uphill slog of purging the global web PKI
infrastructure of SHA-1 to culminate in a flash-in-the-pan clickbait

Instead, consider how long it has historically taken to pry
known-to-be-weak hashes and crypto from entrenched implementations.

If this round of hype actually scares CxOs and compliance bodies into
doing The Right Thing in advance ... then the hype doesn't bother me
in the slightest.


More information about the NANOG mailing list