SHA-1 deprecation timeline
Henry de Valence
hdevalence at riseup.net
Tue May 10 20:25:51 CEST 2016
Hi all,
This afternoon at Eurocrypt 2016 saw the presentation of last year's SHA-1
freestart collision. The cost of a full chosen-prefix attack on commodity
hardware (Amazon EC2) is estimated at only $100k; the authors mentioned that
they are already partway through a common-prefix attack.
What is the current plan for the complete deprecation of SHA-1 from GnuPG?
Apologies if this question has been asked and answered before -- but searching
the last eight months of list archives didn't seem to give any information.
Cheers,
Henry de Valence
More information about the Gnupg-devel
mailing list