|
From: | Justin Patrin |
Subject: | Re: [Monotone-devel] Re: Policy branches - first steps |
Date: | Mon, 26 Feb 2007 13:17:24 -0800 |
On 2/26/07, Steven E. Harris <address@hidden> wrote:
Paul Crowley <address@hidden> writes: > Monotone has a flag day coming up in any case, because of the move > away from SHA-1. To what are you/we moving?
I'll summarize what I remember from the summit about our security/encryption. 1) We should be moving to SHA-256 to make people feel better if nothing else. 2) We should be moving to DSA keys instead of RSA. 3) DSA can only sign less than 256 bits (140?) so moving to SHA-256 and DSA will be problematic. 4) There is a possible attack on netsync (Dan knows more). 5) Our signatures are directly reproducable through 2 subsequent runs. (I noticed this while doing nvm.ssh-agent. monotone and ssh-agent signatures match exactly. Paul caught this and mentioned that we shouldn't be doing this.) -- Justin Patrin
[Prev in Thread] | Current Thread | [Next in Thread] |