On Fri, Sep 11, 2009 at 12:39 AM, Robert J. Hansen <r...@sixdemonbag.org> wrote:
> That's three examples of things that will unexpectedly break if SHA-1
> falls. A complete laundry list would go for pages and pages and pages.
> I'd suggest reading comp.risks; they might have something on point.

Thanks, got what you meant :-)

>> But attackers could still attack older data, that they intercepted, right?
> Imagine that in 2010, the OpenPGP Working Group publishes a new key
> specification. v5 keys use SHA256, not SHA1. I revoke my current key
> and migrate to a new v5 key.
>
> In 2015, the SHA-1 attack becomes practical. Someone goes back to my
> old messages and lifts a signature off something I've written. They
> construct a new message that hashes out the same as my old message, and
> put my old signature on a new message. "Look, look! He signed a
> message in 2009 claiming that he'd pay me $1 million in 2015! Pay up,
> Mr. Hansen!"
>
> No one would take such a forgery seriously.

Ah, I see... And encryption does not suffer from hash algorithm weaknesses anyway, does it? I mean, there it wouldn't help to revoke my key... (given the fact that one has such long-term secrets).

Cheers,
Philippe.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
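As an added illustration (not part of the thread and not GnuPG's code) of why the 2015 forgery Hansen describes would not be believed: a verifier-side acceptance policy, in Python, layered on top of an already cryptographically checked signature. It refuses any signature made with a digest that has passed its sunset date, whatever creation date the signature itself carries (the date is part of the signed data, so a collision-forged message carries the genuine old date), and refuses signatures dated after the key's revocation. The sunset dates, key ids and the 2009/2010/2015 timeline values are constructed for the example.

```python
"""Signature acceptance policy for the key-migration scenario in the thread.

Constructed example: the cryptographic check (does the signature verify
under the key?) is assumed to have already passed. This layer decides
whether a cryptographically valid signature should still be believed,
given what is known about the digest algorithm and the key at the time
the verifier runs.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Assumed policy table: the day from which signatures made with the digest
# are no longer trusted. Dates are constructed for this example.
DIGEST_SUNSET: Dict[str, date] = {
    "MD5": date(2005, 1, 1),
    "SHA1": date(2015, 1, 1),
}
TRUSTED_DIGESTS = {"SHA256", "SHA384", "SHA512"}


@dataclass(frozen=True)
class SigningKey:
    key_id: str
    created: date
    revoked: Optional[date] = None  # date of the revocation certificate, if any


@dataclass(frozen=True)
class Signature:
    key_id: str
    digest: str    # OpenPGP digest name, e.g. "SHA1" or "SHA256"
    created: date  # creation time carried inside the signature packet


def evaluate(sig: Signature, key: SigningKey, today: date) -> Tuple[bool, List[str]]:
    """Return (accepted, reasons). Any reason means the signature is refused."""
    reasons: List[str] = []

    if sig.key_id != key.key_id:
        reasons.append("signature was not made by the key being checked")

    if sig.created < key.created:
        reasons.append("signature predates the key's creation")

    if key.revoked is not None and sig.created >= key.revoked:
        reasons.append(
            f"key {key.key_id} was revoked on {key.revoked}, "
            "before this signature's claimed date"
        )

    if sig.digest in TRUSTED_DIGESTS:
        pass
    elif sig.digest in DIGEST_SUNSET:
        sunset = DIGEST_SUNSET[sig.digest]
        if today >= sunset:
            # Once collisions are practical, an old signature no longer proves
            # which message was signed: a genuine 2009 signature and a forged
            # pairing of it with another message look identical, so both are
            # refused. The creation date inside the signature cannot help.
            reasons.append(
                f"{sig.digest} signatures are not trusted on or after {sunset}, "
                "regardless of the date inside the signature"
            )
    else:
        reasons.append(f"unknown digest {sig.digest!r}")

    return (not reasons, reasons)


def hansen_scenario() -> Dict[str, bool]:
    """Replays the thread's timeline with constructed keys and signatures."""
    old_key = SigningKey("OLDKEY", created=date(2005, 3, 1), revoked=date(2010, 6, 1))
    new_key = SigningKey("V5KEY", created=date(2010, 6, 1))
    old_sig = Signature("OLDKEY", "SHA1", created=date(2009, 9, 11))
    lifted_sig = Signature("OLDKEY", "SHA1", created=date(2015, 3, 2))
    v5_sig = Signature("V5KEY", "SHA256", created=date(2015, 3, 2))
    return {
        "2009 verifier, old sig": evaluate(old_sig, old_key, date(2009, 9, 12))[0],
        "2015 verifier, old sig": evaluate(old_sig, old_key, date(2015, 9, 1))[0],
        "2015 verifier, sig dated after revocation": evaluate(lifted_sig, old_key, date(2015, 9, 1))[0],
        "2015 verifier, v5 sig": evaluate(v5_sig, new_key, date(2015, 9, 1))[0],
    }


if __name__ == "__main__":
    for case, accepted in hansen_scenario().items():
        print(f"{case}: {'accepted' if accepted else 'refused'}")
```

The design choice worth noting is that the policy keys on the verifier's clock, not on the signature's clock: after the sunset date the verifier cannot distinguish a genuine SHA-1 signature from a collision-forged one, so it refuses both rather than trying to honour "old" ones. GnuPG's `--weak-digest` option plays a similar role in a real verifier.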