First chosen-prefix collision for SHA-1:
– The researchers demonstrated an impersonation attack on OpenPGP.
– GnuPG 2.2.18 (released in November 2019) and newer includes a fix (CVE-2019-14855).
– CAcert still uses SHA-1.
– OpenSSL considers disabling SHA-1. Some Linux distributions already configured it more securely.
chaos.social – a Fediverse instance for & by the Chaos community