On Tue, 2025-12-30 at 00:34 -0600, Jacob Bachmeyer wrote: > I am not sure about that. As I understand, OpenPGP (and Git, for > another example) only needs second preimage resistance, unlike X.509 > which needs absolute collision resistance, and the closest attack on > SHA-1 is still only a chosen-prefix collision. > > The SHA-1 sky has not fallen, yet. It may be getting a bit creaky, > but it is not falling. :-) (Yet...) :-/
For certifications (aka key signatures), SHA-1 should be considered insecure. An attacker could generate two identities with the same SHA-1 hash and then let people sign one of them. Regards
signature.asc
Description: This is a digitally signed message part
