You're arguing two different contradictory things here:

> I'm not saying these attacks exist practically today against SHA1 (I
> don't know if they do), but collision-resistance is the relevant
> property, not resistance to pre-image attacks.

And then:

> The places where it is thoroughly "baked in" are the MDC (not relevant
> cryptographically) and the V4 fingerprint (where the relevant property
> is resistance to a preimage attack instead of resistance to generated
> collisions.

The relevant property can be resistance to preimage attack or it can be collision resistance. Pick a property and argue it, please. :)

I am far more concerned about preimage attacks (which are the ultimate game-over) than random collisions (which affect a smaller fraction of the userbase). I'm not saying that random collisions are not troubling in their own right.

> Where exactly has the original poster signed anything over an MD5 digest?

Refer to my subsequent message, where I backed off from that statement and clarified I was referring to the fact that the poster was already relying on the safety of SHA-1 -- and was just in denial about it. If you believe SHA-1 is insecure and you want to avoid it at all costs, you need to avoid OpenPGP.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users