On Wed, Feb 16, 2005 at 01:31:49PM +0100, Polarizer wrote:
What impact does is have for our SuSE linux installations. Where is it used by default in standard packages and where by default in packages to install additionally via Yast.
We are not that mathematically inclined to evaluate that without looking at the paper...
We are eagerly awaiting Bruces and other crypto experts evaluations.
Ciao, Marcus
Sorry Marcus, this was not what i asked for at all. I wouldn't like to discuss the mathematical aspects, but the consequences of the statement
<quote>SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing</quote> [1].
Broken is broken, isn't it?
SHA-1 is used by several of the software packages provided with suse linuxes. Any sentences on this very issue from suse or any other here on the list.
"The paper isn't generally available yet. At this point I can't tell if the attack is real, but the paper looks good and this is a reputable research team." As for SUSE, we are now aware of this problem and will see what is affected and discuss how to handle it. Ciao, Marcus