Am 09.06.2014 12:18, schrieb Nicolai Josuttis (enigmail):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi "Suspekt",
thanks for the feedback.
the cryptographic experts warn strongly about using SHA1.
See for example Minute 31:30 of the following talk (in German):
http://media.ccc.de/browse/congress/2013/30C3_-_5337_-_de_-_saal_2_-_201312271715_-_kryptographie_nach_snowden_-_ruedi.html
The essence is "SHA1 is broken".
See also by the same author
http://www.cryptolabs.org/hash/WeisCccDsHash05.html
The author offered the following bet in 2005(!):
I would prefer to bet for Britney Spears being a virgin
over the safety of SHA1
;-)
Without being an expert, that's seriously enough
strong warnings by experts I trust.
Best
Nico
OK, let me also throw in some references ;)
https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html
"A collision attack is therefore well within the range of what an
organized crime syndicate can practically budget by 2018, and a
university research project by 2021."
So, yes lets switch, but don't panic. I've read on some mailinglist the
nice paraphrase "let's retreat instead of run away".
To clarify this: Using SHA512 as a default is probably a good thing
_______________________________________________
enigmail-users mailing list
[email protected]
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
