SEO

During a report of the german news-website "Heise.de" experts
(Christian Rechberger and Christophe De Cannihre) on the Crypto2006 (a
conference) talked about at least one practical attack aggainst SHA-1.

The demonstration was made with a limited Version of SHA-1 but
cryptographic scientist said the attack would also be practical again
the normal version wich is widly in use.

Rechberger and De Cannihre said that they exspect a even more practical
attack against the normal SHA1 after some optimisations of their method.

The Ports-System uses MD5 and SHA1 wich are both now, at least for
cryptographic experts, brocken and not realy trustfull anymore. So 2 of
3 Algorithms used by the Ports-System are in fact weak.
Wouldn`t it be about time to think about alternatives?
Experts said that SHA 512 may rise the border for an sucessfull attack.

I would like to request the replacement of SHA-1 with SHA512 and to
kick out MD5 out of the Ports-System.
Using RipeMD with more bits would be usefull too (Ripe-MD is not
limited to 160Bits).

MD5 could get replaced with Whirpool wich is recommended by the
NESSIE-Project and wich is also a ISO-Standard.
Alternatives could be Tiger2 or HAVAL wich are also considred secure.

I think one of the Problems is that OpenSSL provides just a wide range
of unsecure HASH-Functons like MD2/4/5 SHA and now also SHA1.
The only algorithm considred as secure is the Ripe-MD (or rmd)
algorithm.

So no matter what you`ll do (as developers of OpenBSD) the question
came up one more time and I think some peoples should start looking for
alternative HASH-Algorithms used in the Ports.


Links for Nessie:
http://www.cryptonessie.org/

Kind regards,
Sebastian Rother