Yongqian Li wrote: > SHA1 has recently been broken (see > http://www.virusbtn.com/news/virus_news/2005/08_29.xml). Will support > for a stronger hash be added in Freenet 0.7?
As far as I know the collision-resistant property of SHA-1 has been broken, but the second-preimage-resistant property hasn't. In other words it's possible to generate two messages with the same hash, but it's impossible to find a second message with the same hash as a given message. I think Freenet requires second-preimage-resistance rather than collision-resistance, although I could well be wrong. For example, if someone wants to insert two new files under the same CHK, is it really a problem? I can see how it would be a problem if someone could insert a second file under an existing CHK, but that isn't possible with the attacks that have been published so far. On the other hand perhaps there are social attacks where, for example, you create two files with the same hash, get someone to publish the first file and then claim that they published the second? I suppose this could be used to undermine the credibility of public-key-based pseudonyms. Cheers, Michael
