Hi,
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
While this attack reduces SHA-1 from strength 2^80 to 2^69 and 2^69
operations is still unreachably much, likelihood seems high that someone
will improve this attack once the paper has been released.
Should we phase out SHA-1? But in favour of what?
This also means that DSA/DSS is broken (a downgrade attack becomes
possible). Should we return to suggesting RSA as signature algorithm?
Konrad
pgpkNTuHKQLo9.pgp
Description: PGP signature