Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP Moving To Stronger SHA Algorithms

Posted by timothy on from the 511-upmanship dept.

PGP Corp. is moving to a stronger SHA Algorithm (SHA-256 and SHA-512) as consequence of the research conducted by the team at Shandong University in China who broke the SHA-1 algorithm. (See this earlier story for more information on the SHA-1 vulnerability.)

3 of 247 comments (clear)

  1. Re:Not a solution by anothergene · · Score: 5, Insightful


    They're just trying to avoid the problem, not solve it. Moving to SHA-512 is not a solution. :/

    Could also be a stop gap solution. At least it will be harder to break in the mean time until a real solution is devised.

    --
    Who's leg do I have to hump to get a dry martini around here?
  2. Re:Come on... by no+parity · · Score: 5, Insightful
    They did not break it. They just found a way to reduce the number of trials needed to find a collision.

    That is what's usually referred to as "breaking" a hash algorithm.

  3. Re:Not a solution by Anonymous Coward · · Score: 5, Insightful

    What, then, is?

    Moving to Tiger? Or Whirlpool? Or RIPEMD-160?

    The amount of effort it took to discover the weakness in SHA-1 was incredible, and SHA-256 and SHA-512 are even more complex. Tiger and Whirlpool are relatively untested, and RIPEMD-160 was put out as an update after the original RIPEMD was broken (Much like SHA-0).

    SHA-256 and SHA-512 are the most likely successors to the throne, because they're based on an algo that is STILL, despite being "broken", known to have very strong collision resistance.