Weaknesses in SHA-1
Per Tunedal Casual
pt at radvis.nu
Fri Sep 24 06:55:24 CEST 2004
At 04:14 2004-09-22, you wrote:
>On Tue, Sep 21, 2004 at 07:25:20PM -0400, Atom 'Smasher' wrote:
>> it's unfortunate that this thread is "Weaknesses in SHA-1". it
>> should be "rumored Weaknesses in SHA-1".
>> (never mind that i sign with SHA-256) SHA-1 has been subject to
>> much more critical analysis than the larger SHA variants, and for
>> that reason it can be considered more secure.
--- snip
>Keep in mind that the argument against SHA256 that it hasn't been
>analyzed as much as SHA-1 also applies to RIPEMD-160 (though to less
>of a degree than SHA256).
---- snip
> ... SHA-1 is not, repeat, not broken. We
>should not run around switching hashes willy-nilly because of a
>If someone manages to make actual progress against SHA-1, it'll be
>Avoiding the use of SHA-1 in OpenPGP is somewhat silly since many
>major parts of the standard (like fingerprints) use SHA-1 only.
I started this thread because I recalled that someone had written that
the longer SHA-variants were new hashes, rather than just longer SHA-1
and thus not well studied. It surprised me that Bruce Schneier
recommended the new variants without any comments. I read somewhere
that the longer variants even differ in design mutually: the SHA256 is
different from the longer variants.
Someone with some encryption knowledge would do better to send Bruce
Schneier a comment to his article.