On Monday 21 February 2005 02:31, Kai Schaetzl wrote:
Malte Gell wrote on Sun, 20 Feb 2005 22:00:21 +0100:
How feasible a real world attack is, is something different, but for a cryptographer SHA-1 is broken.
Ok, I see what you mean. But we *are* talking about the real world impact here and there's no difference to a week ago.
Well, I agree for most users it will make no difference _for now_, but, look what Schneier says about the chance and cost to build a machine able to produce collisions, he estimates it takes $25M - $38M to produce SHA-1 collisions in 56 hours. Yes, _hours_ not months or years. As you said, for most users SHA-1 is just fine, but the time to start to move for something new is right now. http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html Regards Malte