Re: [Sam Hartman] Openpgp comments2006-09-18 20:03:55On Mon, Sep 18, 2006 at 11:02:44AM -0400, Derek Atkins wrote: The second issue is the encryption with integrity packet. Today this is hard-wired to use SHA-1. That's not OK. We need an upgrade path for that and I think we need to support SHA-256 now. Does the MDC actually need collision resistance? I was under the impression that (like the secret key "S2K 254" use of SHA-1) this was essentially a checksum and the recent attacks against SHA-1 did not apply. David
|
|