[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: how close is OpenPGP tied to SHA1



On Mon, Feb 2, 2009 at 8:04 PM, Jon Callas <jon@xxxxxxxxxx> wrote:
>> The first question would be: Are SHA2 algorithms really more secure
>> than SHA1?
> Yes.

Does it protect against the attacks recently found in SHA1?
Or is it "just" better, because the larger hash size?


>> If so one could think to switch for example to SHA512.
>
> You could. This is what most people are doing.

Ok,.. but you cannot fully leave SHA1,.. you can only switch you
signature hash algorithm, as far as I know.
Right?


>> Or even wait for SHA3.
>
> This is likely the best answer.

Does anyone know the state on SHA3?


Best wishes,
Peter