Re: Packages that need to be rebuilt agaisnt libssl0.9.8
- To: debian-devel@lists.debian.org
- Subject: Re: Packages that need to be rebuilt agaisnt libssl0.9.8
- From: Moritz Muehlenhoff <jmm@inutil.org>
- Date: Fri, 7 Oct 2005 10:27:45 +0200
- Message-id: <[🔎] 20051007082745.GA5284@informatik.uni-bremen.de>
- In-reply-to: <4UPnp-4CN-13@gated-at.bofh.it>
- References: <4UNbX-1iI-17@gated-at.bofh.it> <4UNbX-1iI-19@gated-at.bofh.it> <4UNbX-1iI-21@gated-at.bofh.it> <4UNbX-1iI-23@gated-at.bofh.it> <4UNbX-1iI-25@gated-at.bofh.it> <4UNbX-1iI-27@gated-at.bofh.it> <4UNbX-1iI-29@gated-at.bofh.it> <4UNbX-1iI-15@gated-at.bofh.it> <4UPnp-4CN-13@gated-at.bofh.it>
In linux.debian.devel, you wrote:
> Moritz Muehlenhoff wrote:
>> Upgrading to SHA-1 is still a good idea, of course,
>
> Correct me if I'm wrong, but haven't there been collision attacks on
> SHA-1, too?
Yes, but to public knowledge they're only feasible with government grade
hardware, while MD5 is subject to attacks with much lower complexity.
There might be an AES-like competition for the next-gen hash in 2006, but
I'm not sure if it has been decided yet.
Cheers,
Moritz
Reply to: