Hi Robert.
On Thu, Sep 10, 2009 at 4:54 PM, Robert J. Hansen <r...@sixdemonbag.org> wrote: > Probably. However, if SHA-1 gets totally broken we'll have a lot bigger > things to worry about than OpenPGP. What specifically do you mean? Crypto-stuff in banking etc.? > As soon as you find an attack, then we can discuss it. Unfortunately, > we can't really talk intelligently about vague fears. Of course,... just wondered if there might be any known issues due to that. > Hans Dobbertin proved MD5 was weak in 1996. In 1997, Network Associates > (who then were pretty much the only game in town, as far as PGP goes) > decided the Dobbertin attack was worrisome and that MD5 needed to go. > By the time the MD5 attacks became practical, PGP had _long_ since > migrated to SHA-1 and RIPEMD160. Ok,.. I see. But attackers could still attack older data, that they intercepted, right? Best wishes, Philippe. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
