SHA1 collision found

Glenn Rempe glenn at
Fri Feb 24 19:26:14 CET 2017

If you read the announcement Google never uses the words "completely broken" that you attribute to them. I believe that was someone else's characterization.

Mis-attribution and name calling can also be unhelpful.

Google's security team has been the driving force behind two major security issues this week alone (SHA1 and Cloudflare) and with SHA1 they made concrete something that was only theoretical before. Let's give credit where credit is due.

On Feb 24, 2017, 09:27 -0800, Melvin Carvalho <melvincarvalho at>, wrote:
> On 23 February 2017 at 19:24, <sivmu at (mailto:sivmu at> wrote:
> > Today was announced that SHA1 is now completely broken
> >
> This is nonsense.
> Google security team calling sha1 "completely broken" simply means google's security team is completely broken.
> Fearmongering like this unhelpful to the open source community.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170224/c630a376/attachment.html>

More information about the Gnupg-users mailing list