SHA1 broken?

Werner Koch wk at
Wed Feb 16 19:59:24 CET 2005

On Wed, 16 Feb 2005 12:20:52 -0500 (EST), Atom Smasher said:

> agreed. my point is really that the fingerprint/ID hash algo shouldn't
> be carved in stone. like most other parts of the openPGP spec, it
> should be flexible and user defined (within certain constraints). as

Flexibility opens the road for rollback attacks.  Thus it is sound to
rely on one specific algorithm for certain problem domains.

Assuming that the SHA-1 collision calculation is simialar to the MD5
one, tehre is even no immediate danger due to the way the fingerprints
are calculated: The first block used in the fingerprint calculation is
more or less a constant and can't be change to create a working faked



More information about the Gnupg-users mailing list