SHA1 being used despite public key preferences
smujohnson at gmail.com
Thu Oct 21 11:16:11 CEST 2010
On Wed, Oct 20, 2010 at 6:50 PM, Robert J. Hansen <rjh at sixdemonbag.org>wrote:
> The problem comes from saying, "well, Bruce says…".
> A good argument stands on its own legs: it doesn't rely on any external
> authority for its soundness. A lot of people in the crypto community are
> extraordinarily sensitive to what's called "appeal to authority" — since
> this one person says so, it must be so. It's far better to give an argument
> that stands on its own, rather than appeal to "it's what Bruce says."
Two things. First, "Bruce says.." was meant to be sort of like a
bibliography, when you try to find experts in the field who have said the
same things you are saying. Usually it's good to give a bit of evidence for
some of the arguments you are making. It is at least a better argument than
me writing to the list without anything to back it up. So, I quoted some
stuff Bruce said. Would you go around telling people who have citations in
bibliographic form that "A good argument stands on its own legs: it doesn't
rely on any external authority for its soundness."?
Second thing: I already gave a good argument. Let's forget what Bruce
said. And forget that I gave him as source. Let's go back to the basic
message: SHA-1 is broken. It has been public knowledge for 5 years, and 2
years ago, a better attack was published. That is the basis for this whole
thread, more or less. Ignore everything else I've said, except this one
thing: SHA-1 is broken.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-devel