Use other hash than SHA-1
mail at 404not-found.de
Fri May 8 09:14:27 CEST 2009
On Friday 08 May 2009 02:09:31 David Shaw wrote:
> One fear that I've seen talked about for SHA-1 is that an attacker can
> create a duplicate document such that if you signed document or key A,
> they could come up with a document or key B that your signature would
> equally apply to. That fear is more than a little overblown. Even
> MD5 hasn't been broken to that extent.
As far as I understand this paper, MD5 has been broken to that extent. For
SHA1 you're still right of course.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users