SHA1 being used despite public key preferences
smu johnson
smujohnson at gmail.com
Thu Oct 21 11:16:11 CEST 2010
On Wed, Oct 20, 2010 at 6:50 PM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
> The problem comes from saying, "well, Bruce says…".
>
> A good argument stands on its own legs: it doesn't rely on any external
> authority for its soundness. A lot of people in the crypto community are
> extraordinarily sensitive to what's called "appeal to authority" — since
> this one person says so, it must be so. It's far better to give an argument
> that stands on its own, rather than appeal to "it's what Bruce says."
>
>
Two things. First, "Bruce says..." was meant to be sort of like a
bibliography, when you try to find experts in the field who have said the
same things you are saying. Usually it's good to give a bit of evidence for
some of the arguments you are making. It is at least a better argument than
me writing to the list without anything to back it up. So, I quoted some
stuff Bruce said. Would you go around telling people who have citations in
bibliographic form that "A good argument stands on its own legs: it doesn't
rely on any external authority for its soundness."?

Second thing: I already gave a good argument. Let's forget what Bruce
said. And forget that I gave him as a source. Let's go back to the basic
message: SHA-1 is broken. It has been public knowledge for 5 years, and 2
years ago, a better attack was published. That is the basis for this whole
thread, more or less. Ignore everything else I've said, except this one
thing: SHA-1 is broken.
More information about the Gnupg-devel mailing list