Weaknesses in SHA-1

Johan Wevers johanw at vulcan.xs4all.nl
Fri Sep 24 16:15:23 CEST 2004


markus reichelt wrote:

>why? he states:
>
>"To a user of cryptographic systems -- as I assume most readers are --
>this news is important, but not particularly worrisome.  MD5 and SHA
>aren't suddenly insecure.  No one is going to be breaking digital
>signatures or reading encrypted messages anytime soon with these
>techniques.  The electronic world is no less secure after these
>announcements than it was before."

However, this argument is often used against v3 keys, because they use
MD5. It apears that MD5 and SHA1 may be vulnerable to the same kind of
attack. In practice, I don't worry about either hashes being broken.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html



More information about the Gnupg-users mailing list