Re: Packages that need to be rebuilt agaisnt libssl0.9.8
- To: email@example.com
- Subject: Re: Packages that need to be rebuilt agaisnt libssl0.9.8
- From: Moritz Muehlenhoff <firstname.lastname@example.org>
- Date: Fri, 7 Oct 2005 10:27:45 +0200
- Message-id: <[🔎] 20051007082745.GA5284@informatik.uni-bremen.de>
- In-reply-to: <4UPnp-4CNemail@example.com>
- References: <4UNbX-1iIfirstname.lastname@example.org> <4UNbX-1iIemail@example.com> <4UNbX-1iIfirstname.lastname@example.org> <4UNbX-1iIemail@example.com> <4UNbX-1iIfirstname.lastname@example.org> <4UNbX-1iIemail@example.com> <4UNbX-1iIfirstname.lastname@example.org> <4UNbX-1iIemail@example.com> <4UPnp-4CNfirstname.lastname@example.org>
In linux.debian.devel, you wrote:
> Moritz Muehlenhoff wrote:
>> Upgrading to SHA-1 is still a good idea, of course,
> Correct me if I'm wrong, but haven't there been collision attacks on
> SHA-1, too?
Yes, but to public knowledge they're only feasible with government grade
hardware, while MD5 is subject to attacks with much lower complexity.
There might be an AES-like competition for the next-gen hash in 2006, but
I'm not sure if it has been decided yet.