On 17.02.05 15:36, Lutz Donnerhacke wrote:
> * Konrad Rosenbaum wrote:
>> While this attack reduces SHA-1 from strength 2^80 to 2^69 and
>> 2^69 operations is still unreachably much, likelihood seems high
>> that someone will improve this attack once the paper has been
>> released.
>> Should we phase out SHA-1? But in favour of what?
>
> Don't panic. This problem is already solved by allowing different
> hash-algorithms in the packet format. As long as no detailed
> examination of other algorithms is available, OpenPGP should not
> change MAYs and MUSTs.

Although I agree that we must not rush but should make weighed
decisions, there are grounds for some misgivings. For instance, the
v4 key format relies solely on SHA-1 for fingerprints and MDC
calculation, which, when (and if) the attack in question becomes more
useful in a practical sense, may lead to bad results.
--
Respectfully yours,
__________________________________
Vladislav "SATtva" Miller
"PGP in Russia" project leader
http://www.pgpru.com
PGP public key ID: 0x4D8BB49E
http://www.pgpru.com/contacts/
Email encryption and digital signing
is highly desired. Preferred method
is OpenPGP, otherwise S/MIME.
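
The fixed use of SHA-1 for v4 fingerprints and the MDC, as raised in the message above, shown as an added example that is not part of the original thread: neither computation carries a hash-algorithm octet, so the hash agility of signature packets does not reach them. The function names are hypothetical and the RSA numbers are constructed toy values.

```python
import hashlib
import struct


def mpi(n):
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_key_body(created, algo, mpis):
    """Body of a version 4 public-key packet.

    Layout: version octet (4), 4-byte creation time, public-key algorithm
    octet, then the algorithm-specific MPIs.
    """
    return (bytes([4]) + struct.pack(">I", created) + bytes([algo])
            + b"".join(mpi(m) for m in mpis))


def v4_fingerprint(body):
    """V4 fingerprint: SHA-1 over 0x99, the 2-byte body length, and the body.

    SHA-1 is hard-wired here; nothing in the hashed data or in the result
    says which hash was used, so it cannot be swapped per key.
    """
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def v4_key_id(body):
    """The 8-octet key ID is the low-order 64 bits of the fingerprint."""
    return v4_fingerprint(body)[-8:]


def mdc_hash(prefix, plaintext):
    """MDC value: SHA-1 over the prefix data, the plaintext, and the two
    header octets of the MDC packet itself (0xD3, 0x14). Again fixed to SHA-1."""
    return hashlib.sha1(prefix + plaintext + b"\xd3\x14").digest()


if __name__ == "__main__":
    # Constructed toy RSA key (n = 61 * 53, e = 17), algorithm 1 = RSA.
    body = v4_key_body(created=0x42000000, algo=1, mpis=[3233, 17])
    print("fingerprint:", v4_fingerprint(body).hex().upper())
    print("key ID     :", v4_key_id(body).hex().upper())
    print("MDC        :", mdc_hash(b"\x00" * 10, b"constructed plaintext").hex())
```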