New results against SHA-1

Martin Ågren martin.agren at
Sun May 3 13:05:36 CEST 2009

2009/5/1 Atom Smasher <atom at>:
> On Thu, 30 Apr 2009, David Shaw wrote:
>> There is not much hard information yet, but the two big quotes are "SHA-1
>> collisions now 2^52" and "Practical collisions are within resources of a
>> well funded organisation."
> [...] what's next? will it have to be a bigger hash?

No, not bigger, but better. :) SHA-2 should be better, but since it's
conceptually quite similar to SHA-1, one could be somewhat worried...
SHA-3, on the other hand, will be very well-studied when it becomes a
standard, so we should in a way be able to trust it as much as we
trust AES. Google "SHA-3 competition" for more information.

Take care!


More information about the Gnupg-users mailing list