Tuesday, November 01, 2005

U.S. mulls new digital-signature standard

CNET News.com: "GAITHERSBURG, Md.--A team of Chinese scientists shocked the data security world this year by announcing a flaw in a widely used technique used to create and verify digital signatures in e-mail and on the Web.
Now the U.S. government is trying to figure out what to do about it.
The decade-old algorithm, called the Secure Hash Algorithm, or SHA-1, is an official federal standard and is embedded in every modern Web browser and operating system. Any change will be expensive and time-consuming--and a poor choice by the government would mean that the successor standard may not survive another 10 years.
'We're going to have to make a decision fairly soon about where to push people,' said John Kelsey of the National Institute of Standards and Technology (NIST), which convened a workshop here on the topic Monday. Even though NIST is only technically responsible for government standards-setting, Kelsey noted, 'we're likely to get a lot of other people to head in that direction as well.' "

No comments: