On Sun 2016-01-24 13:55:38 -0500, Werner Koch wrote:
> If you talk to people on how they verify SSH fingerprints (that is even
> MD5 for most installations)

SSH key fingerprints are a different thing than software distribution
checksums because the material digested in ssh originates entirely from
one party, whereas the software distribution checksums can potentially
be influenced by multiple parties.

> you will so often hear: “Oh, I look at the first and a few of the
> last digits only”.

right, this is not a cryptographically-strong verification :)

> We can assume that this won't be different for SHA-1 checksums - does
> anyone believe that by switching to SHA-256 they would check many more
> digits?

if they don't check more digits, then we can't help them. but it'd be
nice to offer a way for people to do a cryptographically-strong check if
they decide to do so.

but in general, i agree with you that published checksums are stopgap
measures at best, mainly fit for detecting corrupted downloads, and not
particularly useful against a targeted attack.

>> Also, the OpenPGP signature published at
>> https://files.gpg4win.org/gpg4win-2.3.0.exe.sig itself uses SHA1
>> internally. This is also a bad idea. signatures published today should
>
> Yes, that should be fixed because it is easy and not subject to the UX
> problems described above. FWIW, for GnuPG proper we switched to
> SHA-256 in 2012 (gnupg 1.4.12).

[...]

> [1] Right, the GnuPG speedo build script with its signed and published
> list of package versions also uses SHA-1 and that should be fixed
> before 2.2. (filed as bug@2226)

great, thanks!

--dkg
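As an added illustration (not part of the thread above, nor GnuPG project code): a short Python script that contrasts the "first and last few digits" eyeball check with a full digest comparison, and measures how many candidate inputs it takes before an unrelated input slips past the partial check. The function names and the sample input are constructed for this example.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a downloaded blob (the published-checksum algorithm)."""
    return hashlib.sha256(data).hexdigest()


def full_check(actual_hex: str, published_hex: str) -> bool:
    """Cryptographically-strong check: every digit of the digest is compared,
    in constant time, so the whole 256 bits are verified."""
    return hmac.compare_digest(actual_hex.lower(), published_hex.lower())


def eyeball_check(actual_hex: str, published_hex: str, head: int, tail: int) -> bool:
    """The 'first few and last few digits' check people describe doing by eye.
    Only head+tail hex digits are looked at; everything in between is ignored."""
    a, p = actual_hex.lower(), published_hex.lower()
    head_ok = a[:head] == p[:head]
    tail_ok = tail == 0 or a[-tail:] == p[-tail:]
    return head_ok and tail_ok


def bits_verified(head: int, tail: int) -> int:
    """Each hex digit carries 4 bits; only these bits are actually checked."""
    return 4 * (head + tail)


def partial_match_work(published: bytes, head: int, tail: int, limit: int = 1 << 20):
    """Count how many distinct candidate inputs are needed before one passes
    the eyeball check against the digest of `published` while being a
    different file. Expected cost is about 2**bits_verified(head, tail).
    Returns (tries, candidate) or None if `limit` is exhausted."""
    target = sha256_hex(published)
    for i in range(limit):
        # Constructed candidate: the original bytes plus a counter suffix.
        candidate = published + b"\x00" + i.to_bytes(4, "big")
        if eyeball_check(sha256_hex(candidate), target, head, tail):
            return i + 1, candidate
    return None
```

With two leading and two trailing digits the check verifies only 16 bits, so a non-matching input is found after roughly 65,000 hashes; the full comparison still rejects it.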