Weaknesses in SHA-1
Atom 'Smasher'
atom at suspicious.org
Wed Sep 22 01:25:20 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
it's unfortunate that this thread is "Weaknesses in SHA-1". it really
should be "rumored Weaknesses in SHA-1".
(never mind that i sign with SHA-256) SHA-1 has been subject to much more
critical analysis than the larger SHA variants, and for that reason it can
be considered more secure.
since most people are using DSA (really DSS) signatures, most people are
stuck with a 160 bit hash for signatures. the only common 160 bit hash
that's generally considered to be comparable to SHA-1's security is
RIPEMD-160. gpg 1.2 fully supports RIPEMD-160 and i don't think it's going
away anytime soon... and it works with DSA (DSS) signatures. if you're
concerned about SHA-1, just add this to your gpg.Cong:
## this creates RIPEMD-160 data signatures
digest-algo RIPEMD160
## this creates RIPEMD-160 key signatures
cert-digest-algo RIPEMD160
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Generally, news reporting and punditry are
respectful of the rich and disdainful of the poor."
-- Syndicated columnist Norman Solomon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBULhmAAoJEAx/d+cTpVcixhgIAJ+2q3m89vT/8xAG2wv7QUah
8tkIaAeiFvrp+oZBti58loh5PMUyZCedNg8NPK8sz49D1vdiYJPzigoAal9sfw9H
NvkTJw2FxcvQ1K4c0ffBdlqVRU5/edAvsi8Y2BLliBCN/cxbsKUbLk0pduKsL1SL
bfoiWIsasNwtruDNYWktIAHvGnbPhCwFgIPB8bMQycoVix3jpWlX3eh4zHwSfFHH
GlaN7djKPj2U+efRzWV3IgXBao5NZDUM2cikJSOyFv/WrrSy1p7BGLZJg73PWvYL
I1oh16K1OGPkeKVCQvEXO1UlWWW4Uv7xOsdGCOkwTPUqJ8H+ucHc7Xu5BLVgeUU=
=LPq2
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list