sha1 pgp fingerprint
Werner Koch
wk at gnupg.org
Thu Jan 26 18:19:11 CET 2017
On Thu, 26 Jan 2017 10:56, peter at digitalbrains.com said:
> second-preimage attack. The problems with SHA-1 are with collision
> resistance, not preimage attacks.
Correct, but we should also mention that even collissions are not yet a
current problem - but one we definitely want to be prepared for.
The whole fuzz about replacing SHA-1 from https (I write https and not
TLS for a reason) may help to learn about algorithm replacement
procedures for the future. Replacing SHA-1 in X.509 certificates, as
used for the Web, will not magically make the Web in any way more
secure. The problems with the Web infrastructure are not due to SHA-1
or even RSA-1024; Shamir's old rule still holds: "Crypto will not be
broken, it will by bypassed".
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170126/bb9a1cad/attachment.sig>
More information about the Gnupg-users
mailing list