New results against SHA-1

Werner Koch wk at
Mon May 4 10:24:20 CEST 2009

On Fri,  1 May 2009 05:58, atom at said:

> so... when is the open-pgp spec moving beyond SHA1 hashes to identify
> public keys? what's next? will it have to be a bigger hash?

OpenPGP does not claim that the fingerprint is a unique way to identify
a key. 

Also note that the results are about collision attacks and not about
second preimage attacks.  Thus the whole thing basically boils down to
the concept of non-repudiation; something which is very hard to achieve



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list