Geekzone: IT, mobility, wireless and handheld news

R.A. Hettinga rah at shipwright.com
Sun Feb 20 17:15:43 EST 2005


<http://www.geekzone.co.nz/content.asp?contentid=4099>




PGP moving to stronger SHA Algorithm
News : Mobile : Security, posted 19-FEB-2005 19:37




 PGP Corporation is planning to migrate to a more secure version of the
Secure Hash Algorithm (SHA) in the upcoming releases of its PGP Desktop and
PGP Universal encryption solutions. According to a report released this
week by a team at Shandong University in China, the SHA-1 algorithm that
supports the digital signatures used in popular SSL browser security and
encryption can be successfully attacked. The same team helped break MD5,
another commonly used cryptographic hash algorithm, in August 2004.

 According to the company, all PGP products are architected to allow for
rapid and non-disruptive migration of all encryption, hash, compression,
and signature algorithms. PGP Corporation began planning the migration to
more secure hash algorithms after MD5 was compromised last year. Jon
Callas, CTO & CSO of PGP Corporation, addressed the company's design
philosophy in a September 2004 CTO Corner article entitled "Much ado about
hash functions". At the same time, PGP engineers began implementing a
shift from SHA-1 to the stronger algorithms (SHA-256 and SHA-512) while
preserving interoperability with existing software. The upcoming releases
of PGP Desktop and PGP Universal will allow users to select from a broader
range of authentication options.

 "The work done by the University of Shandong team is in the finest
tradition of cryptoanalytic peer review," said Callas. "The best minds
continually review existing algorithms, identify issues that need to be
addressed, and the entire community of vendors and users benefits. We will
continue to monitor the cryptographic integrity of the algorithms used in
PGP products and upgrade them as required to provide our customers with the
most secure information security solutions available."



-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
