Weaknesses in SHA-1
David Shaw
dshaw at jabberwocky.com
Wed Sep 22 20:45:38 CEST 2004
On Tue, Sep 21, 2004 at 09:59:28PM -0500, Alan S. Jones wrote:
> I would be curious if anyone knows what the commercial PGP app supports
> also for a good comparison. I think it would be helpful not just for
> rumored weaknesses, but for over all compatibility knowledge. Maybe an
> ongoing table we could keep current.
The best table I've seen on the subject:
https://netfiles.uiuc.edu/ehowes/www/pgp-summ.htm
It's a little out of date though, only going up to GnuPG 1.2.1.
> I know t hat SHA-1 has been analyzed more then SHA256, SHA384, or SHA512
> thus could actually be stronger. However why not let people create keys
> with those algorithms also in 1.4?
I'm not sure what you mean here - these are hash algorithms. You
don't create a key using them.
> On a side note I know that the 1.3.x series will become the new
> stable 1.4. However I was wondering when we would see the first
> builds that actually said 1.4 come along? I figure we will see a
> much more use of that build series when it actually says 1.4.
It won't be long now.
David
More information about the Gnupg-devel
mailing list