Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login


If God is perfect, why did He create discontinuous functions?

computers / / oh oh, sha1 is broken

o oh oh, sha1 is brokenanon

oh oh, sha1 is broken


  copy mid

  copy link   Newsgroups:
From: (anon)
Message-ID: <c3ad2db5c416049850b5e945c531b640@def4>
Subject: oh oh, sha1 is broken
Date: Thu, 09 Jan 2020 09:08:28+0000
Organization: def5
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
 by: anon - Thu, 9 Jan 2020 09:08 UTC


Is SHA-1 really still used?

SHA-1 usage has significantly decreased in the last years; in particular web browsers now reject certificates signed with SHA-1. However, SHA-1 signatures are still supported in a large number of applications. SHA-1 is the default hash function used for certifying PGP keys in the legacy branch of GnuPG, and those signatures were accepted by the modern branch of GnuPG before we reported our results. Many non-web TLS clients also accept SHA-1 certificates, and SHA-1 is still allowed for in-protocol signatures in TLS and SSH. Even if actual usage is low (in the order of 1%), the fact that SHA-1 is allowed threatens the security because a meet-in-the-middle attacker will downgrade the connection to SHA-1. SHA-1 is also the foundation of the GIT versioning system. There are probably a lot of less known or proprietary protocols that still use SHA-1, but this is more difficult to evaluate.


Time to upgrade some libs I guess-

Posted on def4


rocksolid light 0.9.7
clearnet tor