SHA1 broken?

[Werner Koch]

On Thu, 17 Feb 2005 16:05:56 -0500, Jason Harris said:

> If RSA key material can be successfully manipulated to produce a
> desired result in a v3 key, why can't it also be manipulated in
> a v4 key?  Granted, the desired result is a SHA-1 collision, but

Because the v4 format fixes the flaw with the length of the parameters
and the way the fingerprint and keyid is calculated.

> Of course.  However, if the key creation time, type, and number of
> bits are checked, they may be found to be different among keys with

Well that means to reintroduce the requirement for that checking for
v4 keys again.  For a different reason of course.  And well, with the
SHA-1 weakness you still won't be able to find a second preimage for a
given key.


Salam-Shalom,

   Werner