Re: sha1 pgp fingerprint

2017-01-26 Thread Werner Koch
On Thu, 26 Jan 2017 10:56, pe...@digitalbrains.com said:

> second-preimage attack. The problems with SHA-1 are with collision
> resistance, not preimage attacks.

Correct, but we should also mention that even collisions are not yet a
current problem - but one we definitely want to be prepared for.

The whole fuss about replacing SHA-1 from https (I write https and not
TLS for a reason) may help to learn about algorithm replacement
procedures for the future.  Replacing SHA-1 in X.509 certificates, as
used for the Web, will not magically make the Web in any way more
secure.  The problems with the Web infrastructure are not due to SHA-1
or even RSA-1024; Shamir's old rule still holds: "Crypto will not be
broken, it will be bypassed".


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: sha1 pgp fingerprint

2017-01-26 Thread Peter Lebbing
On 26/01/17 00:47, sivmu wrote:
> The question I have not yet found any clear answer for, is why is nobody
> talking about this and should pgp keys be identified by a stronger hash
> algorithm in the future?

Subverting SHA-1 as used for OpenPGP fingerprints requires a
second-preimage attack. The problems with SHA-1 are with collision
resistance, not preimage attacks.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

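
The point made in the reply above, as an added example that is not part of the original post: a version 4 OpenPGP fingerprint is SHA-1 over the public-key packet (RFC 4880, section 12.2), so a substitute key only passes a fingerprint check if it hashes to a value that is already fixed. The toy RSA modulus, the creation time and all function names are constructed for this illustration.

```python
import hashlib
import hmac
import struct

# Constructed toy values: two Mersenne primes multiplied, far too small for real use.
N = (2**127 - 1) * (2**89 - 1)
E = 65537
CREATED = 1485388800  # constructed creation time, 2017-01-26 00:00:00 UTC

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Version 4 public-key packet body: version, creation time, algorithm, MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> bytes:
    """SHA-1 over 0x99, the 2-byte body length, and the packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def key_id(fingerprint: bytes) -> bytes:
    """The 64-bit key ID is the low-order 8 bytes of the fingerprint."""
    return fingerprint[-8:]

def matches_pinned(body: bytes, pinned_hex: str) -> bool:
    """Check a received key against a fingerprint obtained out of band."""
    try:
        pinned = bytes.fromhex(pinned_hex.replace(" ", ""))
    except ValueError:
        return False
    return len(pinned) == 20 and hmac.compare_digest(v4_fingerprint(body), pinned)

if __name__ == "__main__":
    genuine = v4_rsa_key_body(CREATED, N, E)
    pinned = v4_fingerprint(genuine).hex().upper()
    print("fingerprint:", pinned, "key ID:", key_id(v4_fingerprint(genuine)).hex().upper())
    # Any change to the hashed fields gives an unrelated digest, so a substitute
    # key has to be a second preimage of the pinned value to pass this check.
    for label, body in [("genuine", genuine),
                        ("other creation time", v4_rsa_key_body(CREATED + 1, N, E)),
                        ("other modulus", v4_rsa_key_body(CREATED, N + 2, E))]:
        print(f"{label:20} accepted={matches_pinned(body, pinned)}")
```
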


Re: sha1 pgp fingerprint

2017-01-26 Thread Damien Goutte-Gattat

On 01/26/2017 12:47 AM, sivmu wrote:

> The question I have not yet found any clear answer for, is why is nobody
> talking about this and should pgp keys be identified by a stronger hash
> algorithm in the future?


People *do* talk about this. But a change of the hash algorithm used for 
fingerprinting keys cannot be decided unilaterally by GnuPG developers. 
All OpenPGP implementations have to agree on such a change, that's why 
the discussions occur on the IETF OpenPGP mailing list.


See for example those threads:

https://www.ietf.org/mail-archive/web/openpgp/current/msg08265.html

https://www.ietf.org/mail-archive/web/openpgp/current/msg08693.html





sha1 pgp fingerprint

2017-01-25 Thread sivmu

I have been wondering for a while about the use of sha1 in pgp fingerprints.

Although sha1 may not be easily broken in practice, there are
theoretical collision attacks that are feasible for well funded
organisations.
Cryptographers, like Bruce Schneier, have been recommending for years to
migrate to a new hash algorithm for all sorts of reasons.

New versions of gpg do not use sha1 in any encryption operation if I am
not mistaken. But we still use sha1 fingerprints to compare our keys.

The question I have not yet found any clear answer for, is why is nobody
talking about this and should pgp keys be identified by a stronger hash
algorithm in the future?
