On Wed, Feb 16, 2005 at 02:56:27PM +0200, Gadi Evron wrote: > Now, we've all seen this coming for a while. > http://www.schneier.com/blog/archives/2005/02/sha1_broken.html > > Where do we go from here? I am feeling smug that in a project I am working on I earlier decided our integrity hashes would be a concatenation of MD5 and SHA-1, not that that's a fix, but it helps. I am also appreciating that hashes are used (this project included) for many different things, not all of which are directly affected by this break. Yes, this is a bad omen for the longevity of SHA-1 for other uses, so we will keep an eye on it. Something I am intrigued about is more sophiticated compositions of, say, SHA-1 and MD5. -kb
