On Wed, Feb 16, 2005 at 09:31:42AM +0100, Polarizer wrote:
Hi list, i would like to discuss this with you:
This [1] arcticle shows that SHA-1 is broken and details will be "fully disclosured" [2] soon.
What impact does is have for our SuSE linux installations. Where is it used by default in standard packages and where by default in packages to install additionally via Yast.
I found it exempli gratia in SSH for integrity checks (seems not critical) or in gpg for fingerprints.
The polarizer
polarizers at its best http://www.glass-polarizers.com
[1]http://www.schneier.com/blog/archives/2005/02/sha1_broken.html [2]http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0303.html
We are not that mathematically inclined to evaluate that without looking at the paper... We are eagerly awaiting Bruces and other crypto experts evaluations. Ciao, Marcus