[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages that need to be rebuilt agaisnt libssl0.9.8

In linux.debian.devel, you wrote:
> Moritz Muehlenhoff wrote:
>> Upgrading to SHA-1 is still a good idea, of course,
> Correct me if I'm wrong, but haven't there been collision attacks on
> SHA-1, too?

Yes, but to public knowledge they're only feasible with government grade
hardware, while MD5 is subject to attacks with much lower complexity.

There might be an AES-like competition for the next-gen hash in 2006, but
I'm not sure if it has been decided yet.


Reply to: