[NBLUG/talk] SHA1 hashing standard (at least partially) cracked

Augie Schwer augie.schwer at gmail.com
Sat Feb 19 13:36:42 PST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 17 Feb 2005 13:20:04 -0800, Mark Janes <mkjanes at sonic.net> wrote:
> I just got this from a friend of mine from the UK. What do we know
> about this?
> http://news.zdnet.co.uk/internet/security/0,39020375,39188214,00.htm 

Mark,

This showed up on Slashdot a few times this week as well; basically it is bad
news for any programs using SHA-1 for digital signatures, and the general
recommendation is to move away from using it for such and towards hopefully
stronger algorithms such as SHA256 and above.

I wrote up a little piece about moving to other SHAs when using GPG that
you may find of interest:

http://www.schwer.us/journal/index.php?p=112

Augie.


- -- 
Registered Linux user #229905
GPG Public Key: http://www.schwer.us/schwer.asc
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iQEVAwUBQhexHMcjCXa2d7m4AQgVcAgArxnaVtB67++wIQ8zvFIN4zk+O/JRQqUJ
OlDUac+WCirKY6ePgHxQpcaczwOiXyNr2Mp/C2se9MDVIEkOTwF+BH8MNE3FPeSq
Vk51MglU92u4q/rotCNEarC0Odh83S8kcIPAWSuULIVZhGqj6/GBPP7XHPz75+K1
hXP0yT7YqEc/Z/4Fs/LJ4Knm7V9GnnPPZwERmQSHto27PuLtgqXrhr49AeTBBcrF
sxueQiGQjW+8WVmpsPlzUNSY1SGLqze/Tizm2vJGPi1KdulgeNaijDkePROKfL1W
QH4/QBwsgyJ1RRue0zwnjpXu6QEvLDFgHVVziSRQ+CkkOSXjN/+NfA==
=udsu
-----END PGP SIGNATURE-----




More information about the talk mailing list