migration paths from SHA-1 [was: Re: idea.dll]
Robert J. Hansen
rjh at sixdemonbag.org
Wed Jun 27 16:32:03 CEST 2012

On 6/27/2012 10:24 AM, Daniel Kahn Gillmor wrote:
> For the key's fingerprint specifically, a pre-image (where the attacker
> crafts a new text that shares a digest with the victim's key material)
> is the thing to worry about, not a crafted collision (where the attacker
> generates two texts that share a digest).

Yes. And this is exactly what I heard in 2005 from people who were
dismissing the MD5 collision attacks as, "well, you know, they're not
preimages." It didn't take long to go from that to full-on attacks on
MD5. I expect the same will occur here.

> My read of  is that the attack is a collision technique, not a
> pre-image technique, which would imply that "eventually" is still
> actually a little ways off for fingerprints at least.

If by "a little ways off" you mean anywhere between six months to a few
years, then yes, that's reasonable.

I don't expect SHA-1 to fall over dead this afternoon, but the
chaplain's been summoned to its room to deliver the Last Rites.