[Top] [All Lists]

Re: SHA-1 broken

2005-02-18 09:45:07

On Fri, 18 Feb 2005 16:27:04 +0100, aboietf  said:

3 of the newspaper mailing lists I am on (IIRC, it was on the Heise
Newsticker, the PC WELT newslist and the ""-newsreport).

Come on, not even semi-professionals would take PC WELT or that
general new magazine (focus) seriously. 

Hmh - for GnuPG the article may not have been a problem as it clearly
stated that end users doing manual decryption are _not_ susceptible to
the attack.

GnuPG is used in many gateways and AFAIK you are also using it.

So the article contains clear statements that crypto gateways
which use OpenPGP and do automatic decryption, are susceptible to
the attack (and thus "broken").

Aside from costing me time to explain the facts to every concerned
customer, this situation is not very nice for our company. We

That is what service is about; explain your clients whether this is a
problem for them or not.

if Jon writes that the OpenPGP protocol is going to be changed due to
a discovery, than this means to a journalist that the discovery must
be "a really important security flaw or else no one would bother to

Better to tell people about potential weaknesses than to shift them
under the carpet.  And well, from a commercial POT you get free
advertising due to such things.  There is even no competitor who does
it better - so why bother?

Anyway, such political or economic discussion is IMHO out of scope for
the WG. Feel free to use gnupg-users@ or similar to continue.



<Prev in Thread] Current Thread [Next in Thread>