On 6/26/2012 3:22 AM, Werner Koch wrote: > This is very different in OpenPGP. SHA-1 is not used everywhere; its > main use is for the fingerprint, this will eventually be a problem.
I am not so sanguine. Marc Stevens claims [1] he has a working collision requiring 2**57 compressions: that number is low enough to make my hair stand on end. He also says he knows how to make it faster, and he's been curiously silent on the subject for the last year and a half. I think "eventually" is going to come sooner than we think. [1] http://code.google.com/p/hashclash/ _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
