On Thu, 17 Feb 2005 17:43:51 +0100, Markus Schaber said:

> GnuPG should be changed to give strong warnings whenever SHA-1 is used, and
> maybe disable the usage of SHA-1 for new signatures altogether.

No.  Broken is used by Bruce in the way cryptographers use it.  It is
far, far away from any practical way of breaking it.  Reducing the
complexity of collision search from 2^80 to 2^69 is a great
improvement, but that 2^69 is still something which you and even large
organisations won't be able to do.  It is not only about running
2^69 (modified) hash calculations but also about having a way to store 2^80
plain texts.  This is even more work than for breaking MD5 (2^64).

Further, collision attacks are not always useful and in many cases
won't do much harm.  To fake an existing digital signature you need
to find a second preimage; this still requires 2^159 hash calculations
on average.

There is no need for GnuPG to drop SHA-1.  The OpenPGP WG will for
sure discuss this, and future versions of the standard will reflect the
state of the art, as OpenPGP has always done.  Recall that many
applications are still using MD5, despite it having been broken (in
the sense of SHA-1) in 1996.  Even the recent full break of MD5 is not
catastrophic, as it only allows one to calculate arbitrary collisions.

James, please close this bug as it is not GnuPG related.


Salam-Shalom,

   Werner
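The distinction Werner draws above, between a collision (attacker picks both messages, birthday bound of roughly 2^(n/2)) and a second preimage (one message is already fixed by the existing signature, roughly 2^n), can be made concrete by running both generic searches against a truncated hash. The following is an added example written for this page; it is not code from the original message or from GnuPG. It assumes a toy target of SHA-1 truncated to a few leading bits so that both searches finish in seconds, and it uses a seeded generator purely for reproducibility; the function names and the sample "signed" message are constructed for illustration.

```python
import hashlib
import random

# Toy setting: SHA-1 truncated to a small number of leading bits so that
# the two generic searches finish in seconds. Real SHA-1 has 160 bits,
# which is where the 2^80 (birthday) and ~2^160 (second preimage) figures
# quoted in the thread come from.


def trunc_sha1(data: bytes, bits: int) -> int:
    """Return the first `bits` bits of SHA-1(data) as an integer."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def _random_message(rng: random.Random) -> bytes:
    # 8 random bytes; a constructed message space, any would do.
    return rng.getrandbits(64).to_bytes(8, "big")


def birthday_collision(bits: int, seed: int = 0):
    """Find two distinct messages with the same truncated hash.

    Generic birthday search: remember every hash seen so far and stop at
    the first repeat. Expected cost is about sqrt(pi/2 * 2^bits) hash
    calls plus a table of comparable size, i.e. ~2^(bits/2) time and
    memory. Returns (m1, m2, hash_calls).
    """
    rng = random.Random(seed)
    seen: dict[int, bytes] = {}
    calls = 0
    while True:
        m = _random_message(rng)
        calls += 1
        t = trunc_sha1(m, bits)
        prev = seen.get(t)
        if prev is not None and prev != m:
            return prev, m, calls
        seen[t] = m


def second_preimage(target: bytes, bits: int, seed: int = 0):
    """Find a message != target whose truncated hash equals target's.

    This is what forging an *existing* signature requires: the signed
    message is fixed, so the birthday trick does not apply and each trial
    succeeds with probability 2^-bits. Expected cost ~2^bits hash calls,
    with no table needed. Returns (m, hash_calls).
    """
    rng = random.Random(seed)
    goal = trunc_sha1(target, bits)
    calls = 0
    while True:
        m = _random_message(rng)
        calls += 1
        if m != target and trunc_sha1(m, bits) == goal:
            return m, calls


if __name__ == "__main__":
    # Roughly the same work (~2^12 hash calls) buys a collision on a
    # 24-bit hash but only a second preimage on a 12-bit hash.
    m1, m2, n = birthday_collision(24)
    print(f"24-bit collision after {n} hash calls: {m1.hex()} / {m2.hex()}")
    signed = b"I owe you 10 EUR"  # constructed sample of an already-signed message
    m, n = second_preimage(signed, 12)
    print(f"12-bit second preimage after {n} hash calls: {m.hex()}")
```

Raising `bits` shows the asymmetry directly: the collision search stays cheap far longer than the second-preimage search, which is why a collision-only result (as for MD5 at the time of the message) lets an attacker prepare two documents of their own choosing but does not let them forge a signature someone else has already made.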