On Thu, 17 Feb 2005 16:49:27 -0800 (PST), "Hal Finney" said:
alternative views that SHA-1 is just fine and/or that SHA-2 is no better.
I don't think SHA-1 is just fine and I do think that SHA-2 is better.
Where we go with that is still open for discussion.
I agree with your reasoning.
We should however not kick out SHA-1 from all places where it is now
used and replace it by SHA-256 before we understand the new attack.
If we recall the DES development, the NSA knew techniques which got
invented in open research only years later. Hopefully that is the
case with SHA-2 too.