Johannes Schindelin wrote: > SHA1 has been broken (collisions have been found): > > http://www.schneier.com/blog/archives/2005/02/sha1_broken.html I don't think you're right. That blog just says, that Wang can find "collisions in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length." That doesn't mean any collision has been found. In academic cryptography, any attack that has less computational complexity than the expected time needed for brute force is considered a break. In a document (http://www.rsasecurity.com/rsalabs/node.asp?id=2927) that has been released 6 months after that blog post is said a collision can be found in 2^63 operations. Well, if someone use the fastest computer today (http://www.top500.org/system/7747) to get a collision it would take a day to found one. The point is why use MD5 if anyone can compute a collision? David Brodsky - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html