[Standards] SHA-1 use in XMPP

Evgeny Khramtsov xramtsov at gmail.com
Thu Jun 22 18:10:07 UTC 2017


Thu, 22 Jun 2017 17:13:08 +0100
Dave Cridland <dave at cridland.net> wrote:

> Well, MD5 is brute-forceable now - you can clock up a lot of them per
> second on a stolen AWS account.
> 
> The advice I'm hearing is that SHA-1 will be in range within a couple
> of years at the current rate of weakening.

Well, yes, there also reverse SHA1 tables exist [1] which make it
trivial to reverse short passwords, but all this has nothing in common
with SHA1 collisions, as far as I know.

[1] https://sha1.gromweb.com


More information about the Standards mailing list