|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [suse-security] SHA-1 broken - impact on SuSE linux versions
From: Marcus Meissner (meissner
suse.de)
Date: Wed Feb 16 2005 - 06:34:35 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, Feb 16, 2005 at 01:31:49PM +0100, Polarizer wrote:
> >>What impact does is have for our SuSE linux installations. Where is
> >>it used by default in standard packages and where by default in
> >>packages to install additionally via Yast.
> >
> >We are not that mathematically inclined to evaluate that without looking
> >at the paper...
> >
> >We are eagerly awaiting Bruces and other crypto experts evaluations.
> >
> >Ciao, Marcus
>
> Sorry Marcus, this was not what i asked for at all. I wouldn't like to
> discuss the mathematical aspects, but the consequences of the statement
>
> <quote>SHA-1 has been broken. Not a reduced-round version. Not a
> simplified version. The real thing</quote> [1].
>
> Broken is broken, isn't it?
>
> SHA-1 is used by several of the software packages provided with suse
> linuxes. Any sentences on this very issue from suse or any other here
> on the list.
"The paper isn't generally available yet. At this point I can't tell
if the attack is real, but the paper looks good and this is a reputable
research team."
As for SUSE, we are now aware of this problem and will see what is
affected and discuss how to handle it.
Ciao, Marcus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCEz3b6nvzlwF1Yj4RAleGAKCkrJzZzd8+q/WmiFDFCigvwOr/1wCgknBb
34UP9misPxHqLD4sCmNqWkA=
=mI6c
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]