SHA-1

Well, so much has been said on this subject. Dunno what's left. Guess I'm just gonna go with:

1. I concur with Schneier's second statement on the matter: yes, this is an impressive result, cryptanalytically, and yeah, it's time to migrate away from SHA-1. With some haste. It's unlikely anyone's gonna get ripped off any time soon from exploits that arise, but it's also appropriate to get going on ensuring this.
2. With all due respect to my erstwhile peers (I worked as a reporter for some time, some years back), it's kinda painful watching the mainstream press handle this. Really has been some mangled, confused reporting on the deal. Worst article I saw (see it here) referred to 'Schneier's team', and, weirdly, seemed clearly to imply Schneier himself had done the research and would be publishing a paper shortly (not the Chinese team). That's just really bad reporting, though, I suppose, might just have been due to translation difficulties. And, as a more typical gaffe, the otherwise essentially sensible article in The Sydney Morning Herald today blew the math (or perhaps just dropped some zeroes in layout) with their first estimate--that '12,000 years' ballpark figure for finding a collision in a space of 2⁸⁰ hashes with a hypothetical computer is off by 10³--it should read 12,000,000.

Yeah, yeah, I know. I'm so picky. But this is a story about crypto. You'd think they'd have checked the math in the final galleys.

Savages in this town.

(Update: to his credit, the author of the Herald article was happy to fix the 12 million thing. Mebbe I'm just getting cranky in my old age.)

The louder the tunes, the better the spec

Drafting a crypto protocol spec today; conspiring to work a new elliptic curve method into an existing protocol suite. As is usually the case, the heads up I got that this needed doing was easily several weeks less than it should have been.

There is no way to do this without music. Loud music. So I've got a USB drive full .oggs, and I'm blasting away.

Currently up: Midnight Oil's Safety Chain Blues.

Back in the saddle

Managed to get another query out to an agent this aft, the first in months.

Yep, this brings my total to something like 14 (I think) over almost a year. As previously noted, this flogging the book thing, it's not my bag. I can writes 'em jes fine, but writing a letter built to argue why someone might want to buy it, that's something that comes to me about as readily as does doing my taxes...

Which is to say, it doesn't.

Ah well. A little happier with what went out this time, anyway. Little refinements, here and there, but it adds up. Dialogue's a bit more interesting, character voices a bit more distinct and developed, methinks.

Tune in three months from now, when I send the fifteenth.