On 12/11/24 10:59, Rainer Perske wrote:
> Hey, you are discussing ways to circumvent the security risks of a weak hash
> algorithm.
> That is the wrong way and only wastes time and energy.
> Do NOT use a weak hash algorithm like SHA-1 at all any more.
> Simply choose a strong one like SHA-2 or SHA-3.
> This solution is so easy and helps much, much more than any use of salts or
> nonces.
> Because then the problem that you are trying to fix simply does not exist at
> all!

Some years ago, you could have given almost exactly the above advice,
except with MD5 in place of SHA-1 and SHA-1 (!) in place of SHA-2 or SHA-3.
The problem is that strong algorithms *become* weak without advance
warning. Therefore, it is necessary to take measures to reduce the
fragility of the overall system.
-- Jacob
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel