collision vs. preimage attacks: policy for signing data created by others

Hubert Kario hka at
Fri Oct 5 10:28:42 CEST 2012

On Friday 05 of October 2012 01:13:54 Hauke Laging wrote:
> Am Do 04.10.2012, 22:09:27 schrieb Hubert Kario:
> > won't the answer to that depend on the hash in question?
> Probably. So the question could be changed to: For which hashes does the
> value change and for which not? Limited to the hashes relevant for GnuPG
> operation.
> Is different data with the same hash value publicly available? In that
> case I could just try it myself. :-)

the only collisions I saw were for MD5 and SHA-0

I don't think there are any collisions for SHA-1 published
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24

More information about the Gnupg-users mailing list