Crypto, passwords
Eric S. Raymond
esr at thyrsus.com
Fri Jan 5 21:24:01 UTC 2018
Kurt Roeckx <kurt at roeckx.be>:
> On Fri, Jan 05, 2018 at 10:04:44AM -0500, Eric S. Raymond via devel wrote:
> > > MD5 is no longer considered safe.
> > > Is SHA1 considered safe? What other types should we test and/or suggest
> > > people use?
> >
> > No, SHA1 is no longer considered safe. The first collision was generated
> > early last year. The git team is considering a move to SHA-2 (I think - I
> > might be out of date on this.)
>
> For both MD5 and SHA1 it depends on what property of it is
> important, which depends on how you use it. (I have no idea how
> NTP uses it.) Both are still secure for preimage attacks but not for
> collisions.
This is true. However, it is also the case that - based on historical timing
of attack discoveries - preimage attacks tend to follow collision iductions
relatively rapidly. For the git team to act on the assumption that a SHA-1
preimage attack will be discovered soon is reasonable.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
More information about the devel
mailing list