Weaknesses in SHA-1

Per Tunedal Casual pt at radvis.nu
Fri Sep 24 06:55:24 CEST 2004

At 04:14 2004-09-22, you wrote:

 >On Tue, Sep 21, 2004 at 07:25:20PM -0400, Atom 'Smasher' wrote:
 >> it's unfortunate that this thread is "Weaknesses in SHA-1". it really
 >> should be "rumored Weaknesses in SHA-1".
 >> (never mind that i sign with SHA-256) SHA-1 has been subject to much more
 >> critical analysis than the larger SHA variants, and for that reason it can
 >> be considered more secure.
--- snip
 >Keep in mind that the argument against SHA256 that it hasn't been
 >analyzed as much as SHA-1 also applies to RIPEMD-160 (though to less
 >of a degree than SHA256).
---- snip
 > ... SHA-1 is not, repeat, not broken.  We
 >should not run around switching hashes willy-nilly because of a
 >If someone manages to make actual progress against SHA-1, it'll be
 >major news.
 >Avoiding the use of SHA-1 in OpenPGP is somewhat silly since many
 >major parts of the standard (like fingerprints) use SHA-1 only.

I started this thread because I recalled that someone had written that
the longer SHA-variants were new hashes, rather than just longer SHA-1
and thus not well studied. It surprised me that Bruce Schneier
recommended the new variants without any comments. I read somewhere
that the longer variants even differ in design mutually: the SHA256 is
different from the longer variants.

Someone with some encryption knowledge had better send Bruce
Schneier a comment to his article.

Per Tunedal