New results against SHA-1
Werner Koch
wk at gnupg.org
Mon May 4 10:24:20 CEST 2009
On Fri, 1 May 2009 05:58, atom at smasher.org said:
> so... when is the open-pgp spec moving beyond SHA1 hashes to identify
> public keys? what's next? will it have to be a bigger hash?
OpenPGP does not claim that the fingerprint is a unique way to identify
a key.
Also note that the results are about collision attacks and not about
second preimage attacks. Thus the whole thing basically boils down to
the concept of non-repudiation; something which is very hard to achieve
anyway.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-users
mailing list