Mailinglist Archive: opensuse-security (256 mails)

< Previous Next >
Re: [suse-security] SHA-1 broken - impact on SuSE linux versions
  • From: Joerg Mayer <jmayer@xxxxxxxxx>
  • Date: Wed, 16 Feb 2005 13:51:54 +0100
  • Message-id: <20050216125154.GN13694@xxxxxxxxxxxxxxxxxxxxxxxxx>
On Wed, Feb 16, 2005 at 09:31:42AM +0100, Polarizer wrote:
> What impact does is have for our SuSE linux installations. Where is
> it used by default in standard packages and where by default in
> packages to install additionally via Yast.
>
> I found it exempli gratia in SSH for integrity checks (seems not
> critical) or in gpg for fingerprints.

>From [1]:
: It pretty much puts a bullet into SHA-1 as a hash function for digital
: signatures (although it doesn't affect applications such as HMAC where
: collisions aren't important).

So it doesn't look that bad for most uses (although certificates a a very
critical use).

Ciao
Joerg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

< Previous Next >
References