https://community.isc2.org/t5/Tech-Talk/SHA-1-Practical-Attack/m-p/31451#M2095 <P>SHA-1, are you kidding me? Nobody uses that! Guess again my friend. Although it<SPAN>&nbsp;has been slowly phased out over the past five years, it remains far from being fully deprecated. It's still the <STRONG>default hash function for certifying PGP keys in the legacy 1.4 version branch of GnuPG</STRONG>, the open-source successor to PGP application for encrypting email and files. Those SHA1-generated signatures were accepted by the modern <STRONG>GnuPG</STRONG> branch until recently, and were only rejected after the researchers behind the <STRONG>new "chosen-prefix" collision</STRONG>&nbsp;attack privately reported their results. Here is a link to the academic&nbsp;paper "<A href="https://eprint.iacr.org/2020/014.pdf" target="_blank" rel="noopener">SHA-1 is a Shambles</A>".</SPAN></P> Mon, 09 Oct 2023 09:24:05 GMT AppDefects 2023-10-09T09:24:05Z https://community.isc2.org/t5/Tech-Talk/SHA-1-Practical-Attack/m-p/31451#M2095 <P>SHA-1, are you kidding me? Nobody uses that! Guess again my friend. Although it<SPAN>&nbsp;has been slowly phased out over the past five years, it remains far from being fully deprecated. It's still the <STRONG>default hash function for certifying PGP keys in the legacy 1.4 version branch of GnuPG</STRONG>, the open-source successor to PGP application for encrypting email and files. Those SHA1-generated signatures were accepted by the modern <STRONG>GnuPG</STRONG> branch until recently, and were only rejected after the researchers behind the <STRONG>new "chosen-prefix" collision</STRONG>&nbsp;attack privately reported their results. Here is a link to the academic&nbsp;paper "<A href="https://eprint.iacr.org/2020/014.pdf" target="_blank" rel="noopener">SHA-1 is a Shambles</A>".</SPAN></P> Mon, 09 Oct 2023 09:24:05 GMT https://community.isc2.org/t5/Tech-Talk/SHA-1-Practical-Attack/m-p/31451#M2095 AppDefects 2023-10-09T09:24:05Z