[Enigmail] about creating a secure encryption

[Ayush Sharma]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello All,

>   Maybe the part that says he would need RSA keys in order to be able to
> use SHA-256... since SHA-1 is "broken" (ok, I know "broken" doesn't mean
> it is useless... just not so good as it was expected).
For anybody looking for Affirmation from the NIST on this topic, this is
the link

http://csrc.nist.gov/groups/ST/hash/statement.html

Though, I would like to add that I am not so sure that the attack would
be possible on HMAC.
HMAC works in a different way than from the normal Hash function without
a key, and thus I am not so sure whether the "attack" is applicable for
the SHA-1 with the key used for signing. Moreover, RIPEMD-160 hasn't
been successfully attacked till now (to the best of my knowledge).
Anyways, "they" keep looking for stronger Hashes, and thus would be
migrating to SHA-2 by 2010 ("they" = the Federal Agencies).
A small side note. Germany is introducing an Electronic Health Card that
will contain all the health information of the patients (Encrypted
Info). That will have a progressive roll-out, and the first state is
NRW, and the approximate goal is the end of this year. The scheme used
for E-Signing by Doctors is indeed SHA-2, and not SHA-1.

Thank you and wish everybody a great day/evening/night ahead,
- -Ayush
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: For keyID and its URL see OpenPGP message header

iEYEARECAAYFAkhqoJ0ACgkQX85fnujYCQaBxACeKxWZ4wf/9Ep/KRZZAJJQbdA+
03UAoJ74DMMmzqArOZkyiPYtTNNdR3mP
=8tIF
-----END PGP SIGNATURE-----