On Sat, 19 Feb 2022 15:52, Robert J. Hansen said:
> As part of an iterated key derivation function, SHA-1 is still believed safe.
> There's no reason to shy away from it, or AES128.
FWIW: SHA-1 is also used has part of the OpenPGP MDC construction. This
is something alike a MAC and there are not signs anyware that this
construction is broken. In fact, it was part of the first widely
deployed AE algorithm (in 2001).
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
> As part of an iterated key derivation function, SHA-1 is still believed safe.
> There's no reason to shy away from it, or AES128.
FWIW: SHA-1 is also used has part of the OpenPGP MDC construction. This
is something alike a MAC and there are not signs anyware that this
construction is broken. In fact, it was part of the first widely
deployed AE algorithm (in 2001).
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.