Robert J. Hansen rjh at
Wed Jun 27 15:11:11 CEST 2012

On 6/26/2012 3:22 AM, Werner Koch wrote:
> This is very different in OpenPGP.  SHA-1 is not used everywhere; its
> main use is for the fingerprint, this will eventually be a problem.

I am not so sanguine.  Marc Stevens claims [1] he has a working
collision requiring 2**57 compressions: that number is low enough to
make my hair stand on end.  He also says he knows how to make it faster,
and he's been curiously silent on the subject for the last year and a
half.  I think "eventually" is going to come sooner than we think.


More information about the Gnupg-users mailing list