[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHA-1 broken

To: ietf-openpgp@xxxxxxx
Subject: Re: SHA-1 broken
From: Lutz Donnerhacke <lutz@xxxxxxxxxxx>
Date: Thu, 17 Feb 2005 09:36:08 +0000 (UTC)
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Newsgroups: iks.lists.ietf-open-pgp
Organization: IKS GmbH Jena
References: <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: slrn/0.9.8.0 (Linux)

* Konrad Rosenbaum wrote:
> While this attack reduces SHA-1 from strength 2^80 to 2^69 and 2^69
> operations is still unreachably much, likelihood seems high that someone
> will improve this attack once the paper has been released.
>
> Should we phase out SHA-1? But in favour of what?

Don't panic. This problem is already solved by allowing different
hash-algorithms in the packet format. As long as no detailed examination of
other algorithms is available, OpenPGP should not change MAYs and MUSTs.

Follow-Ups:
- Re: SHA-1 broken
  - From: Vlad \"SATtva\" Miller
- Re: SHA-1 broken
  - From: Werner Koch

References:
- SHA-1 broken
  - From: Konrad Rosenbaum

Prev by Date: Re: Timestamp and 3rd party sig
Next by Date: Re: SHA-1 broken
Previous by thread: SHA-1 broken
Next by thread: Re: SHA-1 broken
Index(es):
- Date
- Thread