> I'd much rather fail to generate a signature than generate
> one using an algorithm which is very weak.

My feelings as well.

Date: Tue, 10 Jul 2012 23:59:45 +0000
From: sand...@crustytoothpaste.net
To: gnupg-users@gnupg.org
Subject: Re: why is SHA1 used? How do I get SHA256 to be used?

On Tue, Jul 10, 2012 at 10:10:12AM -0400, Robert J. Hansen wrote:
> > SHA1 is no longer secure.
>
> At the present moment, SHA-1 is just fine. In the fairly near future,
> anywhere between six months to a few years, I expect this will change.
> But "SHA1 is no longer secure" is factually untrue, at least where
> OpenPGP is concerned.

SHA-1 is considered cryptographically broken. It does not provide the
level of security it claims. Practically, collisions can be generated
for 75 of the 80 rounds[0]. I hardly consider an algorithm this close to
a collision "just fine". There's no need to run screaming to the exits,
but a quick and orderly transition has been appropriate for some time.
The time to move to something else is ending soon.

> I don't recommend SHA-1 for new signatures, but if you have a choice
> between sending a SHA-1 message which your recipient can verify
> or a SHA-256 message which your recipient can't, well -- that math's
> pretty easy to do. SHA-1 isn't a good choice for new signatures, but
> it's a lot better than no signature.

I don't generate signatures with algorithms I consider insecure because
that leads to people being able to forge signatures in my name. If I
use MD5, even for one message, that allows a moderately determined
attacker to replay that signature on what is likely to become a fairly
large set of messages. I'd rather avoid that, thank you.

> > I'm not going to cater to people using really old versions,
> > especially when security is involved.
>
> The good news is that no one's asking you to. You're only being
> advised, "don't use --digest-algo SHA256, it's unwise and can break
> interoperability. Use --personal-digest-preferences SHA256 instead."
> This is the same advice that has been given by the GnuPG developers, by
> the Enigmail team, and by many other people within the community. It's
> a best-practices thing for GnuPG.

The question is, will GnuPG fall back to SHA-1 if it's not in my digest
preferences? I'd much rather fail to generate a signature than generate
one using an algorithm which is very weak.

[0] http://eprint.iacr.org/2011/641

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
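The question raised above (did GnuPG quietly fall back to SHA-1?) can be answered by inspecting the signature packet itself. The following is an added example, not part of the thread: a POSIX shell check that reads `gpg --list-packets` output and flags any signature whose `digest algo` is MD5 or SHA-1. The sample packet dumps are constructed, and the hash algorithm IDs are the RFC 4880 values.

```shell
# Added example: audit the hash algorithm a signature actually carries.
# Feed it the output of:   gpg --list-packets signed.gpg
# Each signature packet contains a "digest algo N" line; N is the
# RFC 4880 hash ID (1 = MD5, 2 = SHA-1, 8 = SHA256, ...).

digest_name() {
    case "$1" in
        1)  echo "MD5" ;;
        2)  echo "SHA1" ;;
        3)  echo "RIPEMD160" ;;
        8)  echo "SHA256" ;;
        9)  echo "SHA384" ;;
        10) echo "SHA512" ;;
        11) echo "SHA224" ;;
        *)  echo "unknown($1)" ;;
    esac
}

# Reads list-packets output on stdin, prints one line per signature.
# Returns 0 if every signature uses a strong digest, 1 if any uses
# MD5 or SHA-1 (the fallback the thread would rather fail than accept).
check_sig_digests() {
    weak=0
    while read -r line; do
        case "$line" in
            *"digest algo "*)
                id=$(printf '%s\n' "$line" | sed -n 's/.*digest algo \([0-9]*\).*/\1/p')
                name=$(digest_name "$id")
                case "$id" in
                    1|2) echo "WEAK  digest algo $id ($name)"; weak=1 ;;
                    *)   echo "ok    digest algo $id ($name)" ;;
                esac
                ;;
        esac
    done
    return $weak
}

# Constructed sample dumps (not real signatures): one SHA-1, one SHA256.
WEAK_PACKETS=':signature packet: algo 1, keyid 0123456789ABCDEF
	version 4, created 1341964785, md5len 0, sigclass 0x00
	digest algo 2, begin of digest ab cd'
STRONG_PACKETS=':signature packet: algo 1, keyid 0123456789ABCDEF
	version 4, created 1341964785, md5len 0, sigclass 0x00
	digest algo 8, begin of digest 12 34'

printf '%s\n' "$WEAK_PACKETS" | check_sig_digests || echo "weak digest present"
```

A gpg.conf line `personal-digest-preferences SHA256` only ranks SHA256 first, so running this check on what was actually produced is the way to confirm no weaker digest was chosen.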