2005-02-17 04:20:26

On 17.02.05 15:36, Lutz Donnerhacke wrote:
> * Konrad Rosenbaum wrote:
>
> > While this attack reduces SHA-1 from strength 2^80 to 2^69 and
> > 2^69 operations is still unreachably much, likelihood seems high
> > that someone will improve this attack once the paper has been
> >
> > Should we phase out SHA-1? But in favour of what?
>
> Don't panic. This problem is already solved by allowing different
> hash-algorithms in the packet format. As long as no detailed
> examination of other algorithms is available, OpenPGP should not
> change MAYs and MUSTs.

Although I agree that we must not rush but make weighted decisions,
there are grounds for some misgivings. For instance, the v4 key format
relies solely on SHA-1 for fingerprints and MDC calculation, and when
(and if) the attack in question becomes more useful in a practical
sense, this may lead to bad results.

Respectfully yours,

 Vladislav "SATtva" Miller
 "PGP in Russia" project leader

 PGP public key ID: 0x4D8BB49E

 Email encryption and digital signing
 is highly desired. Preferred method
 is OpenPGP, otherwise S/MIME.
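
Added example, not part of the original message or of any OpenPGP implementation: how a v4 fingerprint and key ID are derived as the OpenPGP specification defines them (RFC 4880, section 12.2), showing that SHA-1 is fixed by the key format while signature packets carry a hash algorithm identifier. The helper names and the RSA key values are constructed for illustration.

```python
import hashlib
import struct


def mpi(n):
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_public_key_body(created, algo, mpis):
    """Body of a v4 public-key packet: version, creation time, algorithm, MPIs."""
    return (bytes([4]) + struct.pack(">I", created) + bytes([algo])
            + b"".join(mpi(m) for m in mpis))


def v4_fingerprint(body):
    """SHA-1 over 0x99 || 2-byte body length || body.

    Nothing in the hashed data or in the key packet names the hash, so a
    v4 fingerprint cannot be moved to another algorithm without a new
    key format version.
    """
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def v4_key_id(body):
    """Key ID: the low-order 64 bits of the SHA-1 fingerprint."""
    return v4_fingerprint(body)[-8:]


# Constructed sample key material (not a real RSA modulus).
RSA_ALGO = 1                         # public-key algorithm ID for RSA
SAMPLE_N = (1 << 1023) + 0x1234567   # constructed 1024-bit number
SAMPLE_E = 65537
SAMPLE_CREATED = 1108614026          # constructed creation timestamp
SAMPLE_BODY = v4_public_key_body(SAMPLE_CREATED, RSA_ALGO, [SAMPLE_N, SAMPLE_E])

if __name__ == "__main__":
    fpr = v4_fingerprint(SAMPLE_BODY)
    print("fingerprint:", fpr.hex().upper())
    print("key ID:     ", v4_key_id(SAMPLE_BODY).hex().upper())
```
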

