Saturday, May 09, 2009

SHA-1 - fail.

As some people have been saying for a while now, SHA-1 has reached it's end of life.

Summary of the paper: SHA-1 collisions now 2^52 (pdf) by Cameron McDonald, Philip Hawkes and Josef Pieprzyk, Macquarie University and Qualcomm, Australia.

More details about how Debian and openpgp are moving away from SHA-1.

So if you're still using SHA-1 (or md5!) time to move onto the next one... SHA-2.

No comments: