Crypto, passwords

Eric S. Raymond esr at thyrsus.com
Fri Jan 5 21:24:01 UTC 2018


Kurt Roeckx <kurt at roeckx.be>:
> On Fri, Jan 05, 2018 at 10:04:44AM -0500, Eric S. Raymond via devel wrote:
> > > MD5 is no longer considered safe.
> > > Is SHA1 considered safe?  What other types should we test and/or suggest 
> > > people use?
> > 
> > No, SHA1 is no longer considered safe.  The first collision was generated
> > early last year. The git team is considering a move to SHA-2 (I think - I
> > might be out of date on this.)
> 
> For both MD5 and SHA1 it depends on what property of it is
> important, which depends on how you use it. (I have no idea how
> NTP uses it.) Both are still secure for preimage attacks but not for
> collisions.

This is true.  However, it is also the case that - based on historical timing
of attack discoveries - preimage attacks tend to follow collision inductions
relatively rapidly. For the git team to act on the assumption that a SHA-1
preimage attack will be discovered soon is reasonable.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
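
The collision/preimage distinction discussed in the thread above, as an added illustration that is not part of the original messages: SHA-1 is truncated to a constructed 16-bit toy digest so both generic searches finish quickly, and the function names and message prefixes are hypothetical. It shows only the generic work gap (about 2^(n/2) hashes for a collision versus about 2^n for a preimage), not the structural attacks that broke MD5 and SHA-1 collision resistance.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy width; real SHA-1 output is 160 bits

def toy_hash(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-1: a deliberately tiny stand-in digest."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - bits)

def find_collision(bits: int = BITS):
    """Birthday search: ANY two distinct messages with the same digest.
    Expected work is about 2**(bits/2) hash calls."""
    seen = {}
    for i in count():
        msg = b"collision-%d" % i
        digest = toy_hash(msg, bits)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg

def find_preimage(target: int, bits: int = BITS):
    """Brute force: a message hashing to ONE digest fixed in advance.
    Expected work is about 2**bits hash calls."""
    for i in count():
        msg = b"preimage-%d" % i
        if toy_hash(msg, bits) == target:
            return msg, i + 1

if __name__ == "__main__":
    a, b, c_tries = find_collision()
    print(f"collision after {c_tries} hashes: {a!r} / {b!r}")
    target = toy_hash(b"constructed sample message")
    m, p_tries = find_preimage(target)
    print(f"preimage after {p_tries} hashes: {m!r}")
```

Each extra digest bit doubles the preimage cost but multiplies the collision cost by only about 1.4, which is why a hash can lose collision resistance long before a preimage search becomes practical.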



