Slashdot Mirror

← Back to Stories (view on slashdot.org)

Preparing To Migrate Off of SHA-1 In OpenPGP

Posted by kdawson on from the orderly-fashion dept.

jamie found a note on debian-administration.org, the first in a promised series on migrating off of SHA-1 in OpenPGP. "Last week at eurocrypt, a small group of researchers announced a fairly serious attack against the SHA-1 digest algorithm, which is used in many cryptosystems, including OpenPGP. The general consensus is that we should be 'moving in an orderly fashion toward the theater exits,' deprecating SHA-1 where possible with an eye toward abandoning it soon (one point of reference: US govt. federal agencies have been directed to cease all reliance on SHA-1 by the end of 2010, and this directive was issued before the latest results). ... So what can you do to help facilitate the move away from SHA-1? I'll outline three steps that current gpg users can do today, and then I'll walk through how to do each one..."

6 of 152 comments (clear)

  1. He's Got a Knife! by eldavojohn · · Score: 5, Funny

    'moving in an orderly fashion toward the theater exits'

    An elderly application was trampled to death today as everyone struggled to exit the Sha One theater after someone screamed that an unknown assailant had a knife. After the panic, there was no evidence of injuries from the alleged attack and police are still investigating the presence of an actual weapon.

    --
    My work here is dung.
  2. Re:First MD5 and now this by piripiri · · Score: 3, Funny

    Is there any hash function that actually is secure?

    Of course the good ol' rot13 !

  3. Re:First MD5 and now this by eldavojohn · · Score: 3, Funny

    Is there any hash function that actually is secure?

    Of course the good ol' rot13 !

    Not secure enough, better apply it twice for double protection.

    You can tell the men from the boys by how many times they do things. Like when I restart my computer, I do it three times to make sure it will work when the things start back up inside it.

    --
    My work here is dung.
  4. Aww man, I just upgraded to SHA-1 by Anonymous Coward · · Score: 4, Funny

    I guess I'll just go back to good old MD5.

  5. Well that's unfortunate by Morphine007 · · Score: 4, Funny

    Guess the Aussies overpaid, since their $560k "unbreakable" cryptosystem relies on SHA-1. Shock of shocks, I know...

    --
    Oh god, that woman is John Romero!
  6. Re:better packaging for debian by Anonymous Coward · · Score: 2, Funny

    One specific thing that would really help would be if debian would make it a priority to do a complete job of packaging the relevant hash functions, along with bindings for popular languages.

    However, as this is Debian they are more likely to "disable" SHA-1 by making it emit the plaintext.