Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

I am firm. You are obstinate. He is a pig-headed fool. -- Katharine Whitehorn


rocksolid / Security / oh oh, sha1 is broken

SubjectAuthor
o oh oh, sha1 is brokenanon

1
oh oh, sha1 is broken

<c3ad2db5c416049850b5e945c531b640@def4>

 copy mid

https://www.rocksolidbbs.com/rocksolid/article-flat.php?id=92&group=rocksolid.shared.security#92

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!POSTED.localhost!not-for-mail
From: anon@anon.com (anon)
Newsgroups: rocksolid.shared.security
Message-ID: <c3ad2db5c416049850b5e945c531b640@def4>
Subject: oh oh, sha1 is broken
Date: Thu, 09 Jan 2020 09:08:28+0000
Organization: def5
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
 by: anon - Thu, 9 Jan 2020 09:08 UTC

https://sha-mbles.github.io/

Quote:

Is SHA-1 really still used?

SHA-1 usage has significantly decreased in the last years; in particular web browsers now reject certificates signed with SHA-1. However, SHA-1 signatures are still supported in a large number of applications. SHA-1 is the default hash function used for certifying PGP keys in the legacy branch of GnuPG, and those signatures were accepted by the modern branch of GnuPG before we reported our results. Many non-web TLS clients also accept SHA-1 certificates, and SHA-1 is still allowed for in-protocol signatures in TLS and SSH. Even if actual usage is low (in the order of 1%), the fact that SHA-1 is allowed threatens the security because a meet-in-the-middle attacker will downgrade the connection to SHA-1. SHA-1 is also the foundation of the GIT versioning system. There are probably a lot of less known or proprietary protocols that still use SHA-1, but this is more difficult to evaluate.

/Quote

Time to upgrade some libs I guess-

Posted on def4

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor