I haven't participated in this list so far but I have been lurking here for
some time.
I agree with the phasing out of SHA1, as soon as possible!
Indeed there have been some vulnerabilities demonstrated, collisions on
arbitrary inputs (as this has already been discussed before, this is not as
strong attack as 2nd pre-image attack which would directly affect digital
signatures based on SHA1 for example, but still an indication of weakness in
the hash algorithm). Also governments have plans of phasing SHA1 out soon.
CSE in Canada plans to take it out of commission by 2008 for the protection
of certain types of information, see for example
http://www.cse-cst.gc.ca/services/crypto-services/crypto-algorithms-e.html
--Anton
--
Internal Virus Database is out-of-date.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.1.2/274 - Release Date: 03/03/2006