-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Wed, 16 Feb 2005, David Shaw wrote:
In terms of GnuPG: it's up to you whether you want to switch hashes or not. GnuPG supports all of the SHA-2 hashes, so they are at least available. Be careful you don't run up against compatibility problems: PGP doesn't support 384 or 512, and only recently started supporting 256. GnuPG before 1.2.2 (2003-05-01), doesn't have any of the new hashes. Finally, if you have a DSA signing key (most people do) you are required to use either SHA-1 or RIPEMD/160. RSA signing keys can use any hash. ====================
there's more to it than that. openPGP specifies SHA-1 (and nothing else) as the hash used to generate key fingerprints, and is what key IDs are derived from. a real threat if this can be extended into a practical attack is substituting a key with a *different* key having the same ID and fingerprint. it would be difficult for average users (and impossible for the current openPGP infrastructure) to tell bob's key from mallory's key that claims to be bob's. it can also be used (if the attack becomes practical) to forge key signatures. mallory can create a bogus key and "sign" it with anyone's real key. this would turn the web of trust into dust. the openPGP spec seemed to have assumed that SHA-1 just wouldn't fail. ever. this was the same mistake made in the original version of pgp that relied on md5. the spec needs to allow a choice of hash algorithms for fingerprints and key IDs, or else we'll play this game every time someone breaks a strong hash algorithm. - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) Comment: What is this gibberish? Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJCE3EoAAoJEAx/d+cTpVcinwsIAKnjw1AqwY0guPtdxMagoZC2 Rv7mCZt3QnpH4uEaWNLh5R3VImVwOBevW9VdYm+UdMwdmodD79Bc0MyPOaHDuUiP okmo0PigWIht2vGWK7F6xLtUwLUlGyuAWO5w8g/hNCt0ftdb1jUam0wQtqnTTarM B1kyTWU0sHsjyloSh0umQ8kC0nt9nNhLIasp84oIo+D3b0r6yKIWjMS7dHr1hIbx 2gXBdVw01HJng/BtF/THfZwAD2IE+OLNPg4Q6v6QnVf3BGBBPSiiD2mXrizuknA8 RevXGYgBc4plOWOlDmx2ydbRqFHe5obGMGFCk4muFh8veFhPbFxCKvfBwsawi+U= =f0+g -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'