Slashdot Mirror


Preparing To Migrate Off of SHA-1 In OpenPGP

jamie found a note on debian-administration.org, the first in a promised series on migrating off of SHA-1 in OpenPGP. "Last week at Eurocrypt, a small group of researchers announced a fairly serious attack against the SHA-1 digest algorithm, which is used in many cryptosystems, including OpenPGP. The general consensus is that we should be 'moving in an orderly fashion toward the theater exits,' deprecating SHA-1 where possible with an eye toward abandoning it soon (one point of reference: US govt. federal agencies have been directed to cease all reliance on SHA-1 by the end of 2010, and this directive was issued before the latest results). ... So what can you do to help facilitate the move away from SHA-1? I'll outline three steps that current gpg users can do today, and then I'll walk through how to do each one..."

8 of 152 comments

  1. He's Got a Knife! by eldavojohn · Score: 5, Funny

    'moving in an orderly fashion toward the theater exits'

    An elderly application was trampled to death today as everyone struggled to exit the Sha One theater after someone screamed that an unknown assailant had a knife. After the panic, there was no evidence of injuries from the alleged attack and police are still investigating the presence of an actual weapon.

    --
    My work here is dung.
  2. Re:First MD5 and now this by piripiri · Score: 3, Funny

    Is there any hash function that actually is secure?

    Of course the good ol' rot13!

  3. Re:First MD5 and now this by eldavojohn · Score: 3, Funny

    Is there any hash function that actually is secure?

    Of course the good ol' rot13!

    Not secure enough, better apply it twice for double protection.

    You can tell the men from the boys by how many times they do things. Like when I restart my computer, I do it three times to make sure it will work when the things start back up inside it.

    --
    My work here is dung.
  4. Re:First MD5 and now this by sadness203 · Score: 1, Funny

    Pffff, doing it 2-3 times is for amateurs.

    I personally use a special rrot13. Or if you prefer, Reverse Rot13.

    It's so advanced, they are still trying to break it at NSA.

  5. Aww man, I just upgraded to SHA-1 by Anonymous Coward · Score: 4, Funny

    I guess I'll just go back to good old MD5.

  6. Well that's unfortunate by Morphine007 · Score: 4, Funny

    Guess the Aussies overpaid, since their $560k "unbreakable" cryptosystem relies on SHA-1. Shock of shocks, I know...

  7. Re:better packaging for debian by Anonymous Coward · Score: 2, Funny

    One specific thing that would really help would be if debian would make it a priority to do a complete job of packaging the relevant hash functions, along with bindings for popular languages.

    However, as this is Debian they are more likely to "disable" SHA-1 by making it emit the plaintext.

  8. Re:2^52 by goombah99 · Score: 1, Funny

    but if my math is correct

    Actually it's wildly wrong;

    2^57 is way bigger than 144
    2^52 is also much bigger than four 4

    2^52 / 2^57 = 0,03125 = 3,125%
    ^none of those are equal

    you must be REALLY stupid

    I've read that there are places where the people there are so uneducated they often get their commas and periods mixed up. Probably some silly problem with typewriter keys or something, I guess. Anyhow, how could you expect those backward people who don't even know the right symbol for a decimal point to be able to do math?

    Sheesh! Good thing you pointed out that bad math to the poor slob. I bet he's feeling pretty stupid right now.

    --
    Some drink at the fountain of knowledge. Others just gargle.