Re: Packages that need to be rebuilt agaisnt libssl0.9.8
In linux.debian.devel, you wrote:
> Moritz Muehlenhoff wrote:
>> Upgrading to SHA-1 is still a good idea, of course,
> Correct me if I'm wrong, but haven't there been collision attacks on
> SHA-1, too?
Yes, but to public knowledge they're only feasible with government grade
hardware, while MD5 is subject to attacks with much lower complexity.
There might be an AES-like competition for the next-gen hash in 2006, but
I'm not sure if it has been decided yet.