Mailinglist Archive: opensuse-security (256 mails)

< Previous Next >
Re: [suse-security] SHA-1 broken - impact on SuSE linux versions
  • From: Malte Gell <malte.gell@xxxxxx>
  • Date: Tue, 22 Feb 2005 00:46:31 +0100
  • Message-id: <200502220046.31492.malte.gell@xxxxxx>
On Monday 21 February 2005 02:31, Kai Schaetzl wrote:
> Malte Gell wrote on Sun, 20 Feb 2005 22:00:21 +0100:
> > How feasible a real world attack is, is something
> > different, but for a cryptographer SHA-1 is broken.
>
> Ok, I see what you mean. But we *are* talking about the real world
> impact here and there's no difference to a week ago.

Well, I agree for most users it will make no difference _for now_, but,
look what Schneier says about the chance and cost to build a machine
able to produce collisions, he estimates it takes $25M - $38M to
produce SHA-1 collisions in 56 hours. Yes, _hours_ not months or years.
As you said, for most users SHA-1 is just fine, but the time to start
to move for something new is right now.

http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

Regards
Malte

< Previous Next >