Aloha!

ianG wrote:
> On 15/10/2015 20:50 pm, Michael Kjörling wrote:
>> On 14 Oct 2015 13:39 -0400, from kevinsisco61...@gmail.com (Kevin):
>>> http://www.networkworld.com/article/2990801/sha-1-hashing-algorithm-could-succumb-to-75k-attack-researchers-say.html
>>>
>>
>> To answer the question in the subject line: SHA-1 is already being
>> phased out, particularly in areas where collision resistance matters.
> 
> 
> In general, yes.  Since around 2000 and the release of SHA2 family, SHA1
> has been a target for replacement for any collision weakness.

How I wish that would be the truth.

Esp in embedded space, md5 is still very, very common even in new
designs. And SHA-1 is the new black.

A typical setup is that someone has found out that there is a secure
hash function called md5 and decided to implement it in their new
system. When told that md5 has in fact been broken for ages, the response is
usually an in-the-moment decision that it is not used for security, and
that the application doesn't really have any security implications (i.e.
that the service performed by the system has no value).

Just like the war cry "use bcrypt!" we need to shout "kill md5!" over
and over again until it reaches into the embedded dungeons.

And then SHA-1. And RC4. And DES.

-- 
Kind regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography