On 4/27/2013 8:01 PM, Daniel Kahn Gillmor wrote:
> I don't think this recommendation was made to defend against preimage
> attacks. Avoiding the use of SHA-1 in certifications in general is a
> step towards defending against collision attacks, which is territory that
> SHA-1 is heading into. (I agree that if SHA-1 falls victim to preimage
> attacks we have much much bigger problems.)
I'm having a little bit of trouble connecting the dots, Daniel. (This may be due to the late hour: at 4:30am I'm only awake due to a caffeine IV.)

If I sign my certificate using SHA-1 today, how does that facilitate a collision attack against that certification? Collision attacks on SHA-1 seem to be more in the realm of message signatures and automated systems that may generate a ton of signatures on user-provided data without human intervention. It doesn't seem to be particularly relevant to the case of a certificate signature: it seems as if to attack that you'd have to move from generating random collisions into preimage attacks.

It is, of course, quite possible that I'm tired and missing something important. :)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
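The distinction the two posters are circling is a cost asymmetry: a collision search lets the attacker choose both inputs and costs roughly the square root of a brute-force search, whereas a (second) preimage search is pinned to data that already exists, such as an already-signed packet, and costs the full brute-force amount. The script below is an added illustration, not code from either poster or from GnuPG. It shrinks SHA-1 to a constructed, truncated toy hash (`truncated_sha1`, a name chosen here) so that both searches finish in seconds, and it reports how many hash evaluations each one needed. The inputs are sequential counters constructed for the demonstration.

```python
import hashlib


def truncated_sha1(data: bytes, bits: int) -> int:
    """Toy hash: the leading `bits` bits of SHA-1 as an integer.

    Real SHA-1 is 160 bits; shrinking it lets the two search costs be
    measured in seconds rather than in compute-years.  This is purely an
    illustration of the work factors, not a weakness in SHA-1 itself.
    """
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def find_collision(bits: int, max_tries: int = 1 << 24):
    """Birthday search: the searcher chooses BOTH inputs.

    Expected cost is about 2**(bits/2) hash evaluations.  Returns
    (m1, m2, tries) or None if the budget runs out.
    """
    seen = {}
    for i in range(max_tries):
        m = i.to_bytes(8, "big")           # constructed, sequential inputs
        h = truncated_sha1(m, bits)
        if h in seen:                      # a previous input hashed the same
            return seen[h], m, i + 1
        seen[h] = m
    return None


def find_second_preimage(target: bytes, bits: int, max_tries: int):
    """Brute force: the target is FIXED, e.g. data that was already signed.

    Only the new input can be chosen, so the expected cost is about
    2**bits evaluations, the square of the birthday cost.  Returns
    (m, tries) or None if the budget runs out.
    """
    want = truncated_sha1(target, bits)
    for i in range(max_tries):
        m = b"alt" + i.to_bytes(8, "big")  # constructed candidate inputs
        if m != target and truncated_sha1(m, bits) == want:
            return m, i + 1
    return None


def expected_work(bits: int):
    """Textbook work factors for a `bits`-bit hash: (collision, preimage)."""
    return 2 ** (bits // 2), 2 ** bits


if __name__ == "__main__":
    BITS = 20  # toy size; expected collision ~1024 hashes, preimage ~1M
    m1, m2, tries = find_collision(BITS)
    print(f"collision after {tries} hashes (expected ~{expected_work(BITS)[0]}):")
    print(f"  {m1.hex()} and {m2.hex()} -> {truncated_sha1(m1, BITS):#x}")

    # Now treat m1 as data that has already been signed and search for a
    # different input with the same truncated hash, controlling only the new one.
    budget = expected_work(BITS)[1] * 2
    result = find_second_preimage(m1, BITS, budget)
    if result is None:
        print(f"no second preimage within {budget} hashes")
    else:
        print(f"second preimage after {result[1]} hashes "
              f"(expected ~{expected_work(BITS)[1]})")
```

Run it once and the two counts differ by roughly a factor of a thousand at 20 bits; at SHA-1's full 160 bits the same ratio is 2^80, which is why the collision margin erodes long before the preimage margin does. The defender's takeaway for certifications is that the relevant question is whether someone other than the certifier can influence the bytes being signed before the signature is made; where they cannot, only the far more expensive preimage search applies.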