Weakness in SHA-1

David Shaw dshaw at jabberwocky.com
Sun Sep 26 14:40:27 CEST 2004

On Sat, Sep 25, 2004 at 09:41:08PM -0700, vedaal at hush.com wrote:
> Fri Sep 24 17:54:16 CEST 2004 David Shaw wrote:
> ]While this isn't a practical break of MD5, it is still prudent to stop
> ]using it.  In the context of OpenPGP, stopping using MD5 means
> ]stopping using v3 keys.  If we stop using MD5 today, we can gracefully
> ]migrate to something better.  If we wait until there IS a practical
> ]break, then we are forced into a frantic repair mode that can cause
> ]other harm.
> ..
> ]If there
> ]is a rational argument for starting a transition away from SHA-1, then
> ]we sure as heck should have been off MD5 for a long time now.
> md5 is not necessary for signing with a v3 key,
> and certainly not for encrypting

... but it is required for calculating v3 fingerprints.

I'm so tired of this endless argument.  People, just let v3 go
already.  It was time for it to go years ago.  Now it's just silly.
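As an added illustration of the v3-fingerprint point above (example code, not from the original thread or from GnuPG): per RFC 4880 section 12.2, a v3 fingerprint is MD5 over the bodies of the RSA n and e MPIs only, while a v4 fingerprint is SHA-1 over the whole public-key packet. The key material below is constructed and tiny, not a real key.

```python
import hashlib
import struct

# Constructed demo key material (tiny, NOT a real RSA key).
DEMO_N = 0xC0FFEE1234567890ABCDEF0123456789
DEMO_E = 65537


def mpi(value: int) -> bytes:
    """OpenPGP MPI: two-octet bit length followed by the big-endian magnitude."""
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return struct.pack(">H", value.bit_length()) + body


def v3_fingerprint(n: int, e: int) -> str:
    """v3 fingerprint: MD5 over the MPI bodies of n then e, without the
    two-octet length prefixes. Version, creation time and algorithm are not
    hashed, so the fingerprint binds nothing but n and e, and it cannot be
    computed without MD5."""
    return hashlib.md5(mpi(n)[2:] + mpi(e)[2:]).hexdigest().upper()


def v3_key_id(n: int) -> str:
    """v3 key ID: the low 64 bits of the public modulus n."""
    return f"{n & (2**64 - 1):016X}"


def v4_fingerprint(n: int, e: int, created: int) -> str:
    """v4 fingerprint: SHA-1 over 0x99, a two-octet length, and the whole
    public-key packet body (version 4, creation time, algorithm 1 = RSA,
    then the full MPIs including their length prefixes)."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()


def v4_key_id(n: int, e: int, created: int) -> str:
    """v4 key ID: the low 64 bits of the v4 fingerprint."""
    return v4_fingerprint(n, e, created)[-16:]


if __name__ == "__main__":
    print("v3 fingerprint (MD5):", v3_fingerprint(DEMO_N, DEMO_E))
    print("v3 key ID           :", v3_key_id(DEMO_N))
    print("v4 fingerprint (SHA1):", v4_fingerprint(DEMO_N, DEMO_E, 1096200000))
    print("v4 key ID           :", v4_key_id(DEMO_N, DEMO_E, 1096200000))
```

Because the v3 hash omits the creation time, two v3 keys with the same n and e share one fingerprint regardless of when they were created; the v4 fingerprint changes with the creation time.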
