SHA-1 deprecation timeline

Rick van Rein rick at
Tue May 10 22:16:29 CEST 2016


> This afternoon at Eurocrypt 2016 saw the presentation of last year's SHA-1
> freestart collision.

You mean this, right?

> The cost of a full chosen-prefix attack on commodity
> hardware (Amazon EC2) is estimated at only $100k; the authors mentioned that
> they are already partway through a common-prefix attack.

"already partway through" does not really say anything, does it?  ;-)

> What is the current plan for the complete deprecation of SHA-1 from GnuPG?

That would have to involve the fingerprints too, since they are used for authentication of keys.  That is going to be bloody, because the standard does not foresee this algorithm to be changeable.

In general however, I'm in favour of properly defined deprecation of old things; for instance, the old packet format; I've always wondered inhowfar these could be re-encrypted with an external tool, for instance.


More information about the Gnupg-devel mailing list