
PGP Changing.


Silentnite
February 20th, 2005, 05:37 PM
There's a current news story over at Slashdot (http://it.slashdot.org/article.pl?sid=05/02/20/211206&tid=172&tid=93).

PGP Corp. is moving to a stronger SHA Algorithm (SHA-256 and SHA-512) as consequence of the research conducted by the team at Shandong University in China who broke the SHA-1 algorithm.

They did not break it. They just found a way to reduce the number of trials needed to find a collision.

Finally, someone who has a clue! no parity is absolutely right. All they did was provide a hash that produces 1 collision as a proof that they have an algorithm that makes finding collisions easier. This doesn't mean we all need to rush out and change our public/private keys...

This should help put the (alleged until proven otherwise) SHA-1 break into perspective. Thanks to Sascha Kiefer for giving me the idea.

Let's say that unbroken SHA-1 represents a 100 meter (328 ft) wall. If a break allows a collision to be found in merely 2^69 operations (on average), that would mean the wall has crumbled to 4.9 cm (1.9 in) tall. That's broken!!

OTOH, let's say that unbroken MD5 represents a 100 meter (328 ft) wall. Comparing unbroken MD5 to broken SHA-1 means the wall would actually grow from 100 meters (328 ft) tall to 3.2 km (1.99 miles) tall. SHA-1, even if it's broken enough to find a collision in 2^69 operations (on average), is still stronger than MD5 was ever meant to be.

Again, using unbroken MD5 as our reference of a 100 meter (328 ft) wall, unbroken SHA-1 would be a wall 6553.6 km (4072 miles) tall. SHA-1 was intended to be incredibly stronger than MD5.

So basically, SHA-1 has been made easier to crack, therefore it's considered broken. PGP is considering moving up to SHA-256 or even SHA-512.

Apparently it's still decently safe to use PGP, as it would take a rather well-funded adversary to decrypt your messages.

I could be interpreting this wrong, so please do correct me if I am.
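Where the wall heights in the quoted comparison come from (an added note, not part of the original post): a generic collision search against an n-bit hash costs about 2^(n/2) operations by the birthday bound, so unbroken SHA-1 (160-bit) sits at 2^80 and unbroken MD5 (128-bit) at 2^64. Scaling the 100 m wall by the ratio of work factors gives

\[
\frac{2^{69}}{2^{80}} \cdot 100\,\mathrm{m} = 2^{-11} \cdot 100\,\mathrm{m} \approx 4.9\,\mathrm{cm},
\qquad
\frac{2^{69}}{2^{64}} \cdot 100\,\mathrm{m} = 32 \cdot 100\,\mathrm{m} = 3.2\,\mathrm{km},
\qquad
\frac{2^{80}}{2^{64}} \cdot 100\,\mathrm{m} = 65536 \cdot 100\,\mathrm{m} = 6553.6\,\mathrm{km}.
\]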

Jacks Complete
February 20th, 2005, 06:05 PM
Wow... Guess it just goes to show that you should never trust anything electronic with anything you want to keep secret, unless you personally have all copies and have personal privilege to destroy all those copies. :(

After all, that wall that is 100m tall drops by half every year. Next year it is 50m, then 25, then 12.5. In 15 years it will be 3mm high at current rates. That 4.9cm wall starts to look really shaky. In 15 years, your wall will be just 1.4 microns. That isn't a wall.

bipolar
February 23rd, 2005, 12:57 AM
I don't understand why everyone loves PGP so much anyway. The NIST minimum standard for privacy for the next 15 years is 256 bit AES or Rijndael (something like that). I am actually still looking for a good program. sourceforge.net has many open source ones in beta.

Also search for KeePass on sourceforge.net, it is a password safe that automatically types your passphrases into your application or the clipboard so that no keyloggers or trojans pick it up. It also generates very strong passphrases using all possible characters. To open up the password safe you put a floppy in the drive with a stored key. The safe is encrypted with AES and Twofish in your memory while running so no other process can access it.

But what I have figured out is once you encrypt your files, always use steganography.
I'm pretty sure the government is scared of it. The reason for this is there is hidden legislation in the Ultra DMCA (Digital Millennium Copyright Act) (the one that is passing in some states, not our whole country yet) that makes steganography illegal. Steganography researchers are baffled at them making it illegal and they had to move all their files out of state.

HIP (Hide In Picture) is a good little stego program on sourceforge.net that hides files in picture files. If they don't know there is an encrypted file to crack, then they can't crack it, can they?

Silentnite
February 23rd, 2005, 01:04 AM
A good reason to start trading porn? Ok, ok, maybe not porn. But what about lovely pictures of fruit? Should we have a thread dedicated to fruit?? *Wink*

PGP is nice because it's convenient, and everywhere.

The government isn't going to tell me that I can't encrypt MY personal data. Blow me congress. And of course I mean that in a perfectly legal sense.

Rhadon
February 27th, 2005, 02:46 PM
SHA-1 is not used to encrypt messages, it's used for the signing process. So if SHA-1 was broken, your encrypted messages would still be safe. But if you got a signed message you couldn't be sure anymore if the person who wrote it is the same person PGP tells you it is.

Anyway, it's still a long way from just one collision to a method that allows you to sign messages with a key that is not your own, so I still consider PGP reasonably safe for most people's purposes. And since they are moving to stronger hash algorithms, everything's fine, isn't it :)?
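Rhadon's two points, that a hash collision endangers signatures rather than encrypted messages and that one collision is still far from forging signatures at will, as an added Go example (this is not code from the thread or from PGP Corp., and the truncated hash is the example's own device, not a model of the SHA-1 attack). It keeps only the first 24 bits of SHA-256 so a birthday search finds a collision in a fraction of a second, has the victim sign the benign message with a fresh RSA key (PKCS#1 v1.5 over the raw digest, which is what `crypto.Hash(0)` selects), and then shows that the very same signature verifies on the malicious twin while a non-colliding message still fails. Note what the attacker had to do: get the victim to sign a message the attacker prepared in advance. Nothing here lets them sign a message of their own choosing after the fact, which is the "far way" Rhadon refers to.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// weakDigest is this example's stand-in for a hash whose collision resistance
// has collapsed: it keeps only the first 3 bytes (24 bits) of SHA-256, so the
// birthday bound drops from 2^128 to about 2^12 trials. Nothing here models
// the actual SHA-1 attack; it only reproduces its consequence for signatures.
func weakDigest(msg string) [3]byte {
	sum := sha256.Sum256([]byte(msg))
	var d [3]byte
	copy(d[:], sum[:3])
	return d
}

// findCollision returns a benign message and a malicious message with the same
// weakDigest. It stores 2^13 variants of the benign text (the varying reference
// number plays the role of the junk bytes an attacker tweaks) and then walks
// variants of the malicious text until one lands on a stored digest; the
// expected cost is 2^24 / 2^13 = 2^11 trials. The search is deterministic.
func findCollision() (benign, malicious string) {
	const stored = 1 << 13
	seen := make(map[[3]byte]string, stored)
	for i := 0; i < stored; i++ {
		m := fmt.Sprintf("Pay 10 EUR to account 42 (ref %d)", i)
		seen[weakDigest(m)] = m
	}
	for j := 0; ; j++ {
		m := fmt.Sprintf("Pay 10000 EUR to account 666 (ref %d)", j)
		if b, ok := seen[weakDigest(m)]; ok {
			return b, m
		}
	}
}

// Result records what the signature check says about each message.
type Result struct {
	Benign, Malicious string
	BenignVerifies    bool // the message the victim actually signed
	MaliciousVerifies bool // its colliding twin, never seen by the victim
	UnrelatedVerifies bool // a message with a different digest
}

// ForgeryDemo plays both sides: the victim signs weakDigest(benign) with a
// fresh RSA key (PKCS#1 v1.5; crypto.Hash(0) means the digest is signed as-is,
// without a DigestInfo prefix), and the attacker presents the same signature
// together with the malicious message.
func ForgeryDemo() (*Result, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	benign, malicious := findCollision()

	bd := weakDigest(benign)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.Hash(0), bd[:])
	if err != nil {
		return nil, err
	}
	// A verifier only ever sees the message and the signature; it recomputes
	// the digest itself, which is exactly where the collision bites.
	verifies := func(m string) bool {
		d := weakDigest(m)
		return rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.Hash(0), d[:], sig) == nil
	}
	return &Result{
		Benign:            benign,
		Malicious:         malicious,
		BenignVerifies:    verifies(benign),
		MaliciousVerifies: verifies(malicious),
		UnrelatedVerifies: verifies("Pay 1 EUR to account 7 (ref 0)"),
	}, nil
}

func main() {
	r, err := ForgeryDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("signed:    %q -> verifies=%v\n", r.Benign, r.BenignVerifies)
	fmt.Printf("forged:    %q -> verifies=%v\n", r.Malicious, r.MaliciousVerifies)
	fmt.Printf("unrelated: verifies=%v\n", r.UnrelatedVerifies)
}
```

The encryption side is untouched by all of this: the hash only enters the signature, so a collision lets an attacker reuse a signature on a different message, not read anything that was encrypted.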

Silentnite
February 27th, 2005, 11:45 PM
That's what I assumed, I didn't think that the fact that it is broken is that big a deal. The way it was broken just makes it easier to crack, but it's like instead of taking 500 years to crack, instead you could do it in 20. The chances of a match are close, and your messages should indeed still be safe.

I was just concerned, and I thought it'd be interesting to the more security minded people here.

But they are improving it, and in the end, I don't think it will be that big of a deal.

Valinomycin
February 28th, 2005, 03:10 PM
I've read this paper about this new way to crack SHA-1 and it's definitely not something that I'm scared of. It's just, in some cases, a way to reduce the trials needed to find a collision, and even if one is found it's hardly possible that it is one you can use. But why are you all encrypting messages with PGP? RSA, the algorithm behind PGP, is not that secure any more; it can be broken if the message is long enough. I would rather recommend using a hybrid protocol. That means creating a key with a symmetric cipher and encrypting it with PGP, sending it to the receiver, and encrypting the actual message with the symmetric key. For a symmetric cipher I would recommend either AES (Rijndael) or Helix.