On Sat, 27 Oct 2007, Oisin Feeley wrote:

> > Uh? I wasn't aware SHA1 has been broken (at least, not in
> > a practically exploitable way).
>
> It hasn't ... yet. But the US government is mandating that it not be
> used after 2010, so anyone wanting to be able to fulfill that needs to
> plan now how to make the transition:
>
> "March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224,
> SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all
> applications using secure hash algorithms. Federal agencies should
> stop using SHA-1 for digital signatures, digital time stamping and
> other applications that require collision resistance as soon as
> practical, and must use the SHA-2 family of hash functions for these
> applications after 2010."
>
> http://csrc.nist.gov/groups/ST/hash/policy.html

Note that this applies to sha1 being used for hashes of filenames, X.509
attributes, etc. It does not apply to IPsec's use of md5/sha1, which does
not require collision resistance because of its use of HMAC.

The official IETF policy is "walk, not run, to a new secure hashing
algorithm".

Also, it is believed that if SHA-1 is compromised, the attack would work
similarly to SHA-256 et al.

Paul

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
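Paul's point about IPsec rests on how HMAC wraps the underlying hash. The following is an added example (not code from the message, the list, or any IPsec implementation) that builds HMAC from a plain hash exactly as RFC 2104 specifies and cross-checks it against the standard library. The secret key is mixed into both the inner and the outer hash pass, so an attacker never feeds chosen input straight into the hash function the way they can with a bare digest over a file or an X.509 field. The same function works with SHA-1 or any SHA-2 member by changing the hash name, which is all the "transition" amounts to for a MAC; the key, message and 100-byte long-key input below are constructed sample values.

```python
"""HMAC per RFC 2104, built from a plain hash function (added example)."""
import hashlib
import hmac  # standard library reference, used for cross-checking and constant-time compare


def hmac_rfc2104(key: bytes, message: bytes, hash_name: str) -> bytes:
    """Compute HMAC(key, message) using the named hashlib algorithm.

    HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m))
    where K' is the key zero-padded to the hash block size (hashed first
    if it is longer than one block).
    """
    block_size = hashlib.new(hash_name).block_size  # 64 for MD5/SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block_size:
        # RFC 2104: keys longer than one block are hashed down first
        key = hashlib.new(hash_name, key).digest()
    padded = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in padded)
    opad = bytes(b ^ 0x5C for b in padded)
    # Inner pass: the key material precedes any attacker-visible message bytes
    inner = hashlib.new(hash_name, ipad + message).digest()
    # Outer pass: the key is applied again over the inner digest
    return hashlib.new(hash_name, opad + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes, hash_name: str) -> bool:
    """Recompute the tag and compare in constant time (no early-exit byte loop)."""
    return hmac.compare_digest(hmac_rfc2104(key, message, hash_name), tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str) -> bool:
    """Cross-check the hand-rolled construction against hmac.new for a given hash."""
    return hmac_rfc2104(key, message, hash_name) == hmac.new(key, message, hash_name).digest()


if __name__ == "__main__":
    # Constructed sample inputs; the "Hi There" / 0x0b*20 pair is the first
    # known-answer vector from RFC 2202 (SHA-1) and RFC 4231 (SHA-256).
    key = b"\x0b" * 20
    msg = b"Hi There"
    for name in ("sha1", "sha256", "sha512"):
        tag = hmac_rfc2104(key, msg, name)
        print(f"HMAC-{name.upper()}: {tag.hex()}  stdlib match: {matches_stdlib(key, msg, name)}")
    print("long-key path matches stdlib:", matches_stdlib(b"k" * 100, msg, "sha1"))
```

Migrating a MAC from SHA-1 to SHA-256 here is a one-argument change, whereas a signature or file-hash scheme has to re-sign or re-hash everything it has already issued; that asymmetry is what the message is pointing at.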