> On Jan 11, 2020, at 3:24 PM, Anders Andersson <pipat...@gmail.com> wrote:
>
> While perusing the OpenBSD FAQ I came across the S/Key login system
> and noticed that there are three possible hashing algorithms to choose
> from: MD5, SHA1, and RIPEMD-160.
>
> Instinctively I wouldn't want to use any of these. RIPEMD-160 seems
> like the only one that hasn't been broken, but that's probably because
> no one really cares as much as they do with MD5 and SHA1.
Collision attacks are not the same as preimage attacks. The latter are much
harder. See: https://en.m.wikipedia.org/wiki/S/KEY#Security
Here’s an article that also may be of interest:
https://electriccoin.co/blog/lessons-from-the-history-of-attacks-on-secure-hash-functions/
>
> But of course, it depends on how they are used. Is this a case of when
> it's fine to use them, or is it simply that nobody uses S/Key anymore
> so there's no real incentive to change them?
>
> Just being curious, I didn't even know S/Key existed until a few minutes ago.
>
