Philippe Cerfon wrote:
> What specifically do you mean? Crypto-stuff in banking etc.?

"Specifically"? I don't have the time to list everywhere that will break. SHA-1 is used in a ton of places, and often not places you'd immediately expect.

For instance, computer fuel injection timings are controlled by software. Auto enthusiasts would like to be able to customize them, but can't. If SHA-1 breaks, auto enthusiasts will be able to forge their own signatures and deliver their own "updates" to their engines.

Skype will potentially break. Many P2P networks (including the ones Skype is based upon) use a mathematical construct called a "distributed hash table" to figure out how to route data. If the hash algorithm is bad, well, you're out of luck.

Filesystems will suffer. There exist some filesystems that avoid storing redundant data by tracking a hash of each file. If the file you're writing matches a hash that's already on the disk, the filesystem just puts in a soft link.

That's three examples of things that will unexpectedly break if SHA-1 falls. A complete laundry list would go for pages and pages and pages. I'd suggest reading comp.risks; they might have something on point.

> But attackers could still attack older data, that they intercepted, right?

No. Imagine that in 2010, the OpenPGP Working Group publishes a new key specification. v5 keys use SHA256, not SHA1. I revoke my current key and migrate to a new v5 key. In 2015, the SHA-1 attack becomes practical. Someone goes back to my old messages and lifts a signature off something I've written. They construct a new message that hashes out the same as my old message, and put my old signature on a new message. "Look, look! He signed a message in 2009 claiming that he'd pay me $1 million in 2015! Pay up, Mr. Hansen!"

No one would take such a forgery seriously.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
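The deduplicating-filesystem case above is the easiest of the three to make concrete. The following is an added illustration, not code from the thread or from any real filesystem: it models a content-addressed store that links a new file to an existing block whenever the hashes match, and compares it with a hardened variant that byte-compares the stored block before linking. To make collisions cheap enough to show offline, the store uses a constructed, deliberately weak hash (16 bits of SHA-256) as a stand-in for a broken algorithm; the file paths, the "firmware image" sample data and the class and function names are all assumptions of this example.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-in for a broken hash: only 16 bits of SHA-256 are kept,
# so a second preimage costs roughly 65,536 trials. This is NOT SHA-1 itself.
def weak_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:2]


def find_second_preimage(target: bytes) -> bytes:
    """Return a different byte string whose weak_hash equals weak_hash(target).

    Exhaustive search over a counter; feasible only because the hash is
    16 bits wide. Used to show what a hash break does to a dedup store."""
    want = weak_hash(target)
    n = 0
    while True:
        candidate = b"attacker payload #%d" % n
        if candidate != target and weak_hash(candidate) == want:
            return candidate
        n += 1


class DedupStore:
    """Toy content-addressed store (hypothetical, for illustration).

    verify=False: trust the hash and link to the first block stored under it
                  (the behaviour the post describes).
    verify=True:  only link when the stored bytes actually match; otherwise
                  keep a separate block under the same hash."""

    def __init__(self, verify: bool) -> None:
        self.verify = verify
        self.blocks: Dict[bytes, List[bytes]] = {}          # hash -> distinct contents
        self.files: Dict[str, Tuple[bytes, int]] = {}       # path -> (hash, index)

    def write(self, path: str, data: bytes) -> str:
        h = weak_hash(data)
        bucket = self.blocks.setdefault(h, [])
        if bucket:
            if not self.verify:
                # Naive dedup: the hash matched, so "it must be the same file".
                self.files[path] = (h, 0)
                return "linked"
            # Hardened dedup: compare bytes before sharing a block.
            for i, stored in enumerate(bucket):
                if stored == data:
                    self.files[path] = (h, i)
                    return "linked"
        bucket.append(data)
        self.files[path] = (h, len(bucket) - 1)
        return "stored"

    def read(self, path: str) -> bytes:
        h, i = self.files[path]
        return self.blocks[h][i]


def demo() -> Dict[str, bool]:
    """For each store variant, report whether a colliding file reads back intact."""
    original = b"constructed sample: approved firmware image v1"
    impostor = find_second_preimage(original)   # same weak hash, different bytes
    results = {}
    for name, verify in (("naive", False), ("verified", True)):
        store = DedupStore(verify)
        store.write("/data/original.bin", original)
        store.write("/data/impostor.bin", impostor)
        # In the naive store the second write is silently aliased to the first.
        results[name] = store.read("/data/impostor.bin") == impostor
    return results


if __name__ == "__main__":
    print(demo())  # naive: False (data replaced), verified: True
```

The direction of the damage depends on who writes first: in the naive store the second writer silently receives the first writer's bytes, so whichever party can seed a block ahead of a legitimate write controls what that later write reads back. Real deduplicating systems mitigate this either by byte-comparing before sharing a block (as the verified variant does) or by relying on a hash for which second preimages remain infeasible, which is exactly the assumption that a practical SHA-1 break removes.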