Schneier.com: A New Secure Hash Standard

This is good and important news:

The U.S. National Institute of Standards and Technology is having a competition for a new cryptographic hash function. This matters. The phrase "one-way hash function" might sound arcane and geeky, but hash functions are the workhorses of modern cryptography. They provide web security in SSL. They help with key management in e-mail and voice encryption: PGP, Skype, all the others. They help make it harder to guess passwords. They're used in virtual private networks, help provide DNS security and ensure that your automatic software updates are legitimate. They provide all sorts of security functions in your operating system. Every time you do something with security on the internet, a hash function is involved somewhere.

And why is this new competition important?

The hash function you're most likely to use routinely is SHA-1. Invented by the National Security Agency, it's been around since 1995. Recently, though, there have been some pretty impressive cryptanalytic attacks against the algorithm. The best attack is barely on the edge of feasibility, and not effective against all applications of SHA-1. But there's an old saying inside the NSA: "Attacks always get better; they never get worse." It's past time to abandon SHA-1.

That's why! MD5 has been broken and it looks like SHA-1 is going to be broken sometime in the not too distant future so it important to find a new one. This competition will hopefully result in a lot of research in this area and a good new secure hash standard.

MS OOXML as an ISO standard?

I'm not much into how new standards are getting made at ISO, but the much discussed MS OOXML are now on track to becomming an ISO standard unless there is too many protests and problems with the format. I hope that it will get rejected by ISO because it is a bad format. The specification is HUGE and it is simply not possible for others to implement it! What good is a standard then? Furthermore, we already have a perfectly good standard called ODF which is already widely supported, but MS of course don't want to support that because it wants to keep the lock-in it's got on the marked. Here is another post about it:

The answer is to game the system. As part of this, the company has created (by itself, unlike Open Doc) a proposal for OOXML that is six thousand pages long, and then put it into the fast-track approval system with very minimal time for discussion and objection.