Daniel Colquitt via Gnupg-users wrote:
> Whilst AES128 is probably okay for now, SHA1 has been broken for well over 15 years.

Has it really been that long? ... No, it has not been: a free-start collision was found on the SHA-1 compression function in 2015, less than 7 years ago.

As far as I know, a single collision pair ("SHAttered") has been produced, using about 9 months on a very large cluster, against the full SHA-1. There is no comparison here to MD5, for example. Further, only collisions have been demonstrated so far, and if Mallory producing a colliding private key is a concern for you, you have bigger problems, like Mallory having provided your private key in the first place!

It is also worth noting that SHA-1 is (as far as I know) only used as a fancy checksum here to guard against data corruption. If Mallory even has access to potentially replace your private key, you have bigger problems than potential weaknesses of the checksum on that key.


-- Jacob
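To make the "fancy checksum" point concrete, here is an added example (not from the thread or from GnuPG's code) modelled on the two secret-key checksum variants of RFC 4880 section 5.5.3: the two-octet sum for s2k usage 255 and the 20-octet SHA-1 for usage 254. The key material is a constructed byte string, not a real key; it shows that SHA-1 catches a transposition the 16-bit sum misses, and that neither variant, being unkeyed, can detect a key that was replaced together with its checksum.

```python
import hashlib

# Constructed stand-in for the plaintext "algorithm-specific portion" of an
# OpenPGP secret-key packet (the part the checksum covers). Not a real key.
KEY_MATERIAL = bytes(range(1, 65)) * 2  # 128 deterministic bytes

def checksum_255(data: bytes) -> bytes:
    """s2k usage 255 (RFC 4880 5.5.3): sum of all octets mod 65536, two octets."""
    return (sum(data) % 65536).to_bytes(2, "big")

def checksum_254(data: bytes) -> bytes:
    """s2k usage 254 (RFC 4880 5.5.3): 20-octet SHA-1 of the plaintext."""
    return hashlib.sha1(data).digest()

def verify(data: bytes, tag: bytes, usage: int) -> bool:
    """Recompute the checksum for the given s2k usage and compare to the stored tag."""
    expected = checksum_254(data) if usage == 254 else checksum_255(data)
    return expected == tag

def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """Simulate storage corruption: flip one bit of one byte."""
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)

def swap_bytes(data: bytes, i: int, j: int) -> bytes:
    """Simulate a transposition: two bytes change places, the octet sum does not."""
    out = bytearray(data)
    out[i], out[j] = out[j], out[i]
    return bytes(out)

def corruption_detected(usage: int, damaged: bytes) -> bool:
    """True if the checksum stored for the genuine key rejects the damaged copy."""
    tag = checksum_254(KEY_MATERIAL) if usage == 254 else checksum_255(KEY_MATERIAL)
    return not verify(damaged, tag, usage)

def substitution_detected(usage: int, replacement: bytes) -> bool:
    """An unkeyed checksum cannot flag a replaced key: whoever writes the key
    material also writes the matching checksum, so verification passes."""
    tag = checksum_254(replacement) if usage == 254 else checksum_255(replacement)
    return not verify(replacement, tag, usage)

if __name__ == "__main__":
    print("bit flip, sum16:", corruption_detected(255, flip_bit(KEY_MATERIAL, 10, 3)))
    print("bit flip, sha1: ", corruption_detected(254, flip_bit(KEY_MATERIAL, 10, 3)))
    print("swap,     sum16:", corruption_detected(255, swap_bytes(KEY_MATERIAL, 0, 1)))
    print("swap,     sha1: ", corruption_detected(254, swap_bytes(KEY_MATERIAL, 0, 1)))
    print("replace,  sha1: ", substitution_detected(254, b"\xff" * 128))
```

Collision attacks such as SHAttered require an attacker to choose both inputs; they do not change what either checksum does against random corruption, which is the only threat this field addresses.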


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
