Jim Gillogly Says

NIST ANNOUNCES TECHNICAL CORRECTION TO SECURE HASH STANDARD -----------------------------------------------------------

The National Institute of Standards and Technology today announced it will initiate a technical modification to a computer security standard used to support the authentication of electronic messages. The revision will correct a minor flaw that government mathematicians discovered in a formula that underlies the standard.

... remains a highly secure way to ensure integrity of ... NIST expects that products implementing the current standard can be used until the technical correction becomes effective.

Researchers at the National Security Agency, who developed the formula and discovered the flaw in a continuing evaluation process, now believe that although the forumla in FIPS 180 is less secure than originally thought, it is still extremely reliable as a technical computer security mechanism. The discovery of this flaw indicates the value of continued research on existing and new standards.

So, have they mentioned what the problem was, or how to fix it? -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki@nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche