ietf-openpgp

Re: MD5 warning

2004-08-21 15:13:30

* David Shaw wrote:
> On Sat, Aug 21, 2004 at 09:23:13PM +0000, Lutz Donnerhacke wrote:
>> Not necessary. All known attacks do not impose a direct risk to md5 based
>> OpenPGP issues.
>
> True, but would you recommend using MD5 these days?

No. I won't recommend any hash solely based on bit-logic and modular
arithmetic these days.

> The time to deprecate it is before it is completely broken, and the
> attacks do pose a direct risk.

OpenPGP recommends SHA1. I'm feeling bad with this, but this is not the
subject of discussion.

> MD5 showed some signs of weakness a few years ago.  A few days ago, it
> showed some pretty serious problems.  Let's let it go now while it is
> relatively easy to do so.

MD5 shares some weaknesses with other hash algorithms. Don't blame MD5 alone.

> In section 9.4, add a note indicating that hash algorithm 1 is MD5,
> but MD5 is deprecated, and SHOULD NOT be used.

So please add "SHA1 MAY NOT be used."

