On Wed, Nov 18, 2020 at 2:30 PM Stefan Claas <spam.trap.mailing.li...@gmail.com> wrote: > > On Tue, Nov 17, 2020 at 11:11 PM Ernst G Giessmann via Gnupg-users > <gnupg-users@gnupg.org> wrote: > > > > The answer to the second question is: > > > > A SHA-1 collision of two documents D1 and D2 means that the hash values > > Hash(D1) and Hash(D2) are equal, which in turn means that (regardless > > who signs) any signature of D1 (be it OpenPGP or SMIME) can also be used > > as a signature of D2. Any signer and any key, if used with SHA-1! > > > > So if you got a harmless document D to sign, you must be sure that there > > is no evil twin of it. This is usually the case if you are the author of > > D, because the construction of an evil twin remains hard. But it is easy > > to construct docs with the same hash value. > > > > /Ernst. > > Thanks for your reply! So if I check the SHA1 checksums > from https://gnupg.org/download/integrity_check.html > and Alice checks from another evil site the same files then we > could have a problem with tools like openssl or the shasum tool.
evil mirror with 'same' files ... > But, sorry to ask again. > > I like to give an Example. > > Mallory has managed to listen to the clear text communications from > Alice and Bob's online devices. Alice and Bob always use GnuPG > to digitally sign their messages. prior encrypting. > Mallory is *not* in possession of the private keys from Alice and Bob. > Mallory has created a document which causes a collision and was > signed with his own key. > > He sends this message to Alice. What does Alice see when she > does a gpg --verify? I mean she should see, regardless if the > message has a collision or not, that the message was digitally > signed by Mallory's private key and not by Bob's private key. The one thing I could currently see is if Alice would make a public statement on her web site, for example, digitally signed by her with SHA1 and that Mallory would upload a collided document with a (completely) different content. So the question for me would be if a collision could be crafted, let's say for an important business contract etc., if the different content of a document would make the same sense, like the one from the original document. Regards Stefan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users