Re: Packages that need to be rebuilt agaisnt libssl0.9.8

To: debian-devel@lists.debian.org
Subject: Re: Packages that need to be rebuilt agaisnt libssl0.9.8
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 7 Oct 2005 10:27:45 +0200
Message-id: <20051007082745.GA5284@informatik.uni-bremen.de>
In-reply-to: <4UPnp-4CN-13@gated-at.bofh.it>
References: <4UNbX-1iI-17@gated-at.bofh.it> <4UNbX-1iI-19@gated-at.bofh.it> <4UNbX-1iI-21@gated-at.bofh.it> <4UNbX-1iI-23@gated-at.bofh.it> <4UNbX-1iI-25@gated-at.bofh.it> <4UNbX-1iI-27@gated-at.bofh.it> <4UNbX-1iI-29@gated-at.bofh.it> <4UNbX-1iI-15@gated-at.bofh.it> <4UPnp-4CN-13@gated-at.bofh.it>

In linux.debian.devel, you wrote:
> Moritz Muehlenhoff wrote:
>> Upgrading to SHA-1 is still a good idea, of course,
>
> Correct me if I'm wrong, but haven't there been collision attacks on
> SHA-1, too?

Yes, but to public knowledge they're only feasible with government grade
hardware, while MD5 is subject to attacks with much lower complexity.

There might be an AES-like competition for the next-gen hash in 2006, but
I'm not sure if it has been decided yet.

Cheers,
        Moritz

Reply to:

Prev by Date: Re: Effort to change IETF's copying conditions for RFCs
Next by Date: Re: Effort to change IETF's copying conditions for RFCs
Previous by thread: Re: Packages that need to be rebuilt agaisnt libssl0.9.8
Next by thread: Re: Packages that need to be rebuilt agaisnt libssl0.9.8
Index(es):
- Date
- Thread