[cfarm-users] Is RSA really insecure?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Dec 14 03:44:22 CET 2023


Gregor Riepl via cfarm-users <cfarm-users at lists.tetaneutral.net> writes:

>It's because it relies on SHA-1, and SHA-1 is known to be broken.

It's breakable with a considerable amount of effort for static data. Attacking
it in SSH auth would require the ability to break it in real-time or close to
it, which no-one has come close to doing.  Also, it's a collision attack (you
generate two documents with the same hash value) which doesn't apply in this
case since you're signing a fixed transcript hash.

Peter.
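
Added example, not part of the original message: a sketch of the data an SSH client signs for publickey authentication as laid out in RFC 4252 section 7, showing that the SHA-1 input under `ssh-rsa` begins with the session identifier fixed by the key exchange, so the digest is bound to one session. The user name, key blob and session identifiers are constructed placeholders and the helper names are hypothetical.

```python
import hashlib
import os
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number from RFC 4252


def ssh_string(data: bytes) -> bytes:
    """SSH 'string' encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def userauth_signed_blob(session_id: bytes, user: bytes, key_blob: bytes,
                         key_alg: bytes = b"ssh-rsa") -> bytes:
    """Data covered by the client's signature (RFC 4252 section 7)."""
    return b"".join([
        ssh_string(session_id),          # exchange hash H from the first key exchange
        bytes([SSH_MSG_USERAUTH_REQUEST]),
        ssh_string(user),
        ssh_string(b"ssh-connection"),   # service name
        ssh_string(b"publickey"),
        b"\x01",                         # boolean TRUE: a signature follows
        ssh_string(key_alg),
        ssh_string(key_blob),
    ])


def sha1_to_be_signed(session_id: bytes, user: bytes, key_blob: bytes) -> str:
    """SHA-1 digest an ssh-rsa signature would cover for this session."""
    blob = userauth_signed_blob(session_id, user, key_blob)
    return hashlib.sha1(blob).hexdigest()


def parse_session_id(blob: bytes) -> bytes:
    """Read back the length-prefixed session identifier at the front of the blob."""
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length]


if __name__ == "__main__":
    key_blob = b"constructed-public-key-blob"   # placeholder, not a real key
    for label in ("session A", "session B"):
        sid = os.urandom(20)                    # constructed stand-in for H
        print(label, sha1_to_be_signed(sid, b"alice", key_blob))
```

The session identifier is derived from values contributed by both client and server during key exchange, so neither side picks the hashed message freely ahead of time.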


