[agl]

Collision resistance is harder to meet in the same way that "stronger" results are harder to prove. That is, I think you're correct and that my wording was just confusing, sorry!

Historically, many hash functions have been broken by collisions, but even very "weak" hash functions (i.e. MD5) still have full design strength for preimage and second-preimage resistance (as far as I know).

[dfc]

Out of curiosity is there a reason why cert-test.sandbox.g.c resolves to so many IPs compared to www.g.c?

  dfc@ronin:~$ host cert-test.sandbox.google.com |grep address |wc
       16      64     894
  dfc@ronin:~$ host www.google.com |grep address |wc
        6      25     262

I wanted to see how the various vendor ssl tests would handle sha256. Everything i tested had no problem, but they all took a little longer than usual because of the number of DNS results.

PS Not that it would matter but unlike other google hosts the cert-test does not have any IPv6 records.

[agl]

I don't think the load balancing is setup as tightly as www.google.com. It doesn't get much traffic after all.

[smussmann]

Yeah, I think I was just confused. An off-by-one error in applying negatives, I think.

Thank you for the article. I found it interesting to think about.