Web lists-archives.com

Re: Archive no longer accepts uploads signed using SHA-1 or RIPE-MD/160




On Fri, Feb 24, 2017 at 02:43:13PM +0000, Peter Palfrader wrote:
> On Fri, 24 Feb 2017, Wouter Verhelst wrote:
> 
> > > or RIPE-MD/160 algorithms.
> > 
> > Uhh? AFAIK, RIPEMD160 is not compromised at all, not even in a
> > theoretical attack. Why was this part of the decision taken?
> > 
> > (there is a theoretical attack against RIPEMD, but that is not the same
> > thing as RIPEMD160)
> 
> It's just as short as SHA1.  There appears to be little reason to use a
> digest this short in 2017.

This is a total side-track, but it's not the *length* that mattered in
breaking SHA1. The weakness was in a prefix attack, the brute force
attack on SHA1 is still out of reach. This was the *algorithm* being
weak, not the length of the hash, in this case.

Also, just use blake2.

Cheers,
   Paul

Attachment: signature.asc
Description: PGP signature