Hi Neal,
thanks a lot for the detailed explanation!
Best regards
Stefan
On Thu, Nov 19, 2020 at 7:52 AM Neal H. Walfield wrote:
>
> Hi Stefan,
>
> A chosen-prefix collision attack works as follows: an attacker chooses
> two message prefixes, and then uses near collisions blocks (in the
> SHA-1
Hi Stefan,
A chosen-prefix collision attack works as follows: an attacker chooses
two message prefixes, and then uses near collisions blocks (in the
SHA-1 is a Shambles paper they needed about 10 such 512-bit blocks) to
align the internal state of the two hashes. Since SHA-1 is a
streaming functi
On 2020-11-17 at 22:18 -0700, Mark wrote:
> Not to ask a stupid question but how can you tell which algorithm your
> keys are using and if using SHA1 update them to a more secure one?
I have a better answer than my previous one, because the very next
mailing-list I read has a post today from the S
On 2020-11-17 at 22:18 -0700, Mark wrote:
> Not to ask a stupid question but how can you tell which algorithm your
> keys are using and if using SHA1 update them to a more secure one?
With GnuPG, `gpg --list-packets` shows a lot of fine detail, but unless
you're familiar with the standards it can
Am 2020-11-18 um 14:30 schrieb Stefan Claas:
On Tue, Nov 17, 2020 at 11:11 PM Ernst G Giessmann via Gnupg-users
wrote:
The answer to the second question is:
A SHA-1 collision of two documents D1 and D2 means that the hash values
Hash(D1) and Hash(D2) are equal, which in turn means that (regard
On Wed, Nov 18, 2020 at 2:30 PM Stefan Claas
wrote:
>
> On Tue, Nov 17, 2020 at 11:11 PM Ernst G Giessmann via Gnupg-users
> wrote:
> >
> > The answer to the second question is:
> >
> > A SHA-1 collision of two documents D1 and D2 means that the hash values
> > Hash(D1) and Hash(D2) are equal, wh
On Tue, Nov 17, 2020 at 11:11 PM Ernst G Giessmann via Gnupg-users
wrote:
>
> The answer to the second question is:
>
> A SHA-1 collision of two documents D1 and D2 means that the hash values
> Hash(D1) and Hash(D2) are equal, which in turn means that (regardless
> who signs) any signature of D1 (
Thank you for your reply, much appreciated! I will however ask also
Ernst here again the same question one more time again, as an
illustrative example.
Regards
Stefan
On Mon, Nov 2, 2020 at 3:25 PM Phil Pennock via Gnupg-users
wrote:
>
> On 2020-11-02 at 13:49 +0100, Werner Koch via Gnupg-users
Not to ask a stupid question but how can you tell which algorithm your
keys are using and if using SHA1 update them to a more secure one?
Thanks,
On 11/17/2020 4:13 PM, Phil Pennock via Gnupg-users wrote:
The current state of SHA1 is "dangerously exposed, you should be
hurrying for the exits,
On 2020-11-17 at 15:47 +, Stefan Claas wrote:
>} Since 2005, SHA-1 has not been considered secure against well-funded
>} opponents;[4] as of 2010 many organizations have recommended its
>} replacement.[5][6][7] NIST formally deprecated use of SHA-1 in 2011
>} and disallowed its use for digital
The answer to the second question is:
A SHA-1 collision of two documents D1 and D2 means that the hash values
Hash(D1) and Hash(D2) are equal, which in turn means that (regardless
who signs) any signature of D1 (be it OpenPGP or SMIME) can also be used
as a signature of D2. Any signer and any key,
On Mon, Nov 2, 2020 at 2:25 PM Phil Pennock via Gnupg-users
wrote:
>
> On 2020-11-02 at 13:49 +0100, Werner Koch via Gnupg-users wrote:
> > On Fri, 30 Oct 2020 00:10, Phil Pennock said:
> > > recipient. That's fine. I'd rather create pressure for people to fix
> > > their systems to use modern c
On 2020-11-02 at 13:49 +0100, Werner Koch via Gnupg-users wrote:
> On Fri, 30 Oct 2020 00:10, Phil Pennock said:
> > recipient. That's fine. I'd rather create pressure for people to fix
> > their systems to use modern cryptography than cater to their brokenness
> > with sensitive messages.
>
> P
On Fri, 30 Oct 2020 00:10, Phil Pennock said:
> I just sent a message to N recipients, and I think one of them probably
> has some preference algorithm in their key details, because this one
> mail was signed using SHA1, not my defaults.
Fixed:
commit 15746d60d492f5792e4a179ab0a08801b4049695
Au
Folks,
Normally everything I do with GnuPG is using SHA256 digests, and I
normally keep "weak-digest SHA1" in my gpg.conf file.
I just sent a message to N recipients, and I think one of them probably
has some preference algorithm in their key details, because this one
mail was signed using SHA1,
15 matches
Mail list logo
