Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] SHA-1 broken - impact on SuSE linux versions
From: Marcus Meissner (meissnersuse.de)
Date: Wed Feb 16 2005 - 06:34:35 CST
On Wed, Feb 16, 2005 at 01:31:49PM +0100, Polarizer wrote:
> >>What impact does is have for our SuSE linux installations. Where is
> >>it used by default in standard packages and where by default in
> >>packages to install additionally via Yast.
> >We are not that mathematically inclined to evaluate that without looking
> >at the paper...
> >We are eagerly awaiting Bruces and other crypto experts evaluations.
> >Ciao, Marcus
> Sorry Marcus, this was not what i asked for at all. I wouldn't like to
> discuss the mathematical aspects, but the consequences of the statement
> <quote>SHA-1 has been broken. Not a reduced-round version. Not a
> simplified version. The real thing</quote> .
> Broken is broken, isn't it?
> SHA-1 is used by several of the software packages provided with suse
> linuxes. Any sentences on this very issue from suse or any other here
> on the list.
"The paper isn't generally available yet. At this point I can't tell
if the attack is real, but the paper looks good and this is a reputable
As for SUSE, we are now aware of this problem and will see what is
affected and discuss how to handle it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----