Matches for sha1, 135 total results Sorted by newest | relevance
Sun Dec 06 18:10:46 UTC 2015 <mod6> ah, that's right. busybox pacakge spit out both md5 and sha1
Sun Dec 06 18:10:33 UTC 2015 <mod6> busybox-1.23.2.tar.bz2: OK (sha1: 7f37193cb249f27630e0b2a2c6c9bbb7b1d24c16)
Mon Nov 16 05:36:33 UTC 2015 <asciilifeform> and did the schmuck really go with dsa + sha1 ??!!!
Fri Nov 06 23:51:48 UTC 2015 <pete_dushenski> "winbloze CONSIDERS deprecating sha1". so it's on the table. just so you know.
Wed Nov 04 00:37:05 UTC 2015 <assbot> Logged on 03-11-2015 16:33:06; *: adlai has exceeded his daily allotment of manual sha1 preimage mining
Tue Nov 03 16:33:06 UTC 2015 <*> adlai has exceeded his daily allotment of manual sha1 preimage mining
Mon Oct 26 22:09:58 UTC 2015 <mircea_popescu> incidentally sha1
Mon Oct 26 22:09:07 UTC 2015 <ascii_field> l0l explicitly pushes sha1?!!
Sun Oct 25 20:48:17 UTC 2015 <asciilifeform> it'll be more of a thing once we get the sha1 out of the loop though.
Tue Oct 13 16:26:47 UTC 2015 <assbot> Logged on 12-10-2015 21:59:05; pete_dushenski: davout: "According to Schneier it costed ~$3mn in 2012 to find an arbitrary SHA1 collision." << cost
Mon Oct 12 23:41:22 UTC 2015 <asciilifeform> the fp is a sha1
Mon Oct 12 23:40:53 UTC 2015 <punkman> I don't see any mention of sha1 in the rfc regarding subkey sigs etc
Mon Oct 12 23:39:31 UTC 2015 <asciilifeform> both are hardcoded to use sha1.
Mon Oct 12 23:39:26 UTC 2015 <assbot> Logged on 12-10-2015 22:51:13; punkman: btw if you don't want the signatures on your subkeys being sha1, I think --cert-digest-algo is the option that needs changing
Mon Oct 12 22:51:13 UTC 2015 <punkman> btw if you don't want the signatures on your subkeys being sha1, I think --cert-digest-algo is the option that needs changing
Mon Oct 12 21:59:05 UTC 2015 <pete_dushenski> davout: "According to Schneier it costed ~$3mn in 2012 to find an arbitrary SHA1 collision." << cost
Sat Oct 10 18:02:43 UTC 2015 <asciilifeform> nor is anything else about the current implementation (what is signed is IN ALL CASES a sha1 of the key-to-be-signed) sane.
Sat Oct 10 06:19:11 UTC 2015 <assbot> Logged on 09-10-2015 01:56:06; asciilifeform: my original observation, though, stands - the time to stop thinking of pgp 64bit fp as 'the man' is not when arbitrarily colliding sha1 costs a penny! it is now.
Fri Oct 09 02:01:40 UTC 2015 <asciilifeform> the other thing is, to the extent that the integrity of the wot as we now have it is predicated on sha1 not costing a penny to break, some of the sweat that went in to forming the wot may end up having to be re-sweated