[tahoe-dev] SHA-1 broken!

David-Sarah Hopwood david-sarah at jacaranda.org
Wed Apr 29 22:56:34 UTC 2009

Zooko O'Whielacronx wrote:
> The people who are suffering from the  
> collisions in MD5 and SHA-1 are suffering, not because MD5 or SHA-1  
> were suddenly revealed to be insecure, but because they ignored the  
> warning messages from cryptographers for many years.  (I'm a tad  
> irritated about this, since "I tried to tell them" [5] and "They  
> wouldn't listen!" [6].)

This is why no attention should be paid to non-cryptographers attempting
to pour scorn on the feasibility of attacks (as in the case of [6]),
even, and perhaps especially, when said non-cryptographers are widely
respected for other reasons.

(The same point applies to other fields of similar complexity and
subtlety to cryptography.)

> [5] http://www.gelato.unsw.edu.au/archives/git/0506/5273.html
> [6] http://www.gelato.unsw.edu.au/archives/git/0506/5299.html

David-Sarah Hopwood ⚥

More information about the tahoe-dev mailing list