On 07/10/2012 06:15 PM, Robert J. Hansen wrote:
> Right now, only random collisions can be generated. That's not any use
> in forging a signature, which requires a preimage collision.
If the attacker can convince you to sign a chosen text (perhaps one that
looks reasonable), then a failure in the
You're arguing two different contradictory things here:
> I'm not saying these attacks exist practically today against SHA1 (i
> don't know if they do), but collision-resistance is the relevant
> property, not resistance to pre-image attacks.
And then:
> The places where it is thoroughly "baked
On Wed 11.07.2012, 23:13:00 vedaal wrote:
> (A clever, malicious attacker could backdate the clock,
> and have a forgery of something you did in the past,
> when you couldn't claim:
>
> "Hey, that's an obvious forgery!
> I'm on record as saying I would never use SHA1 to sign anything anymore!")
On 7/11/2012 11:36 PM, Robert J. Hansen wrote:
> want to know. What I do know is that there are a surprising number of
> ways a SHA-1 preimage attack can screw over even people who have never
> used SHA-256.
s/SHA-256/SHA-1/
Apologies for the typo.
On 7/11/2012 9:23 PM, brian m. carlson wrote:
> Really? I'm pretty sure that I'm not generating SHA-1 signatures.
This is not necessarily relevant.
Here's a thought experiment for you. Someone creates a DSA-1k key and
uses --cert-digest-algo SHA256 and --enable-dsa2. This creates 160-bit
trunc
On 7/11/2012 9:23 PM, brian m. carlson wrote:
>>> If I use MD5, even for one message, that allows a moderately
>>> determined attacker to replay that signature on what is likely to
>>> become a fairly large set of messages. I'd rather avoid that,
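The point made in the two replies above (a collision, not a preimage, is what lets an attacker reuse a signature you made over a text you were happy to sign), as an added example that is mine and not from the thread. The hash is a constructed 24-bit toy (the first three bytes of SHA-256) so that a birthday search finishes in well under a second; HMAC over the digest stands in for the DSA or RSA signature, because like a real OpenPGP signature it commits only to the digest, never to the message bytes. The names toy_hash, sign, verify, find_collision and demo are mine.

```python
"""Added example (not from the thread): a collision is enough to transfer a
signature.  The hash is a constructed 24-bit toy so the birthday search
is instant; HMAC over the digest stands in for the public-key signature."""
import hashlib
import hmac

DIGEST_BYTES = 3  # toy: 24-bit digest, a collision is expected after ~2^12 tries


def toy_hash(msg: bytes) -> bytes:
    """Constructed weak hash: a truncated SHA-256 (stand-in for MD5/SHA-1)."""
    return hashlib.sha256(msg).digest()[:DIGEST_BYTES]


def sign(key: bytes, msg: bytes) -> bytes:
    """Stand-in for a DSA/RSA signature: the signer commits to toy_hash(msg)
    only, exactly as an OpenPGP signature packet commits to the digest."""
    return hmac.new(key, toy_hash(msg), hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)


def find_collision(template: str, limit: int = 1 << 20):
    """Birthday search: vary one benign-looking field of the text until two
    different texts share a digest.  Returns (msg_a, msg_b)."""
    seen = {}
    for i in range(limit):
        msg = template.format(i).encode()
        d = toy_hash(msg)
        if d in seen:
            return seen[d], msg
        seen[d] = msg
    raise RuntimeError("no collision within limit")


def demo() -> dict:
    """Victim signs msg_a (which looks reasonable); attacker replays the
    signature on msg_b.  No preimage was needed: both texts were chosen by
    the attacker before the victim signed anything."""
    key = b"signer secret key (constructed)"
    msg_a, msg_b = find_collision("I owe you {} EUR, payable on request.\n")
    sig = sign(key, msg_a)
    return {
        "distinct": msg_a != msg_b,
        "same_digest": toy_hash(msg_a) == toy_hash(msg_b),
        "sig_transfers": verify(key, msg_b, sig),
        "msg_a": msg_a,
        "msg_b": msg_b,
    }


if __name__ == "__main__":
    r = demo()
    print("signed:", r["msg_a"])
    print("also verifies on:", r["msg_b"], "->", r["sig_transfers"])
```

Raising DIGEST_BYTES makes the search cost grow as 2^(n/2); the only thing the attacker needed from the victim was one signature over one of the two colliding texts.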
On Tue, Jul 10, 2012 at 08:15:32PM -0400, Robert J. Hansen wrote:
> There tends to be a lot of scaremongering in the world of crypto. I
> think it's generally wise to be careful in our declarations. It is
> enough to say SHA-1 is known to not meet its design specifications and
> that some fairly
On Wed, Jul 11, 2012 at 11:25 AM, Werner Koch wrote:
> On Wed, 11 Jul 2012 07:56, r...@sixdemonbag.org said:
>
>> V5 discussions will not kick off in earnest until NIST announces the new
>> hash standard, or so I've heard people from the working group say.
>
> And even then it will take 5 years or
On Wed, 11 Jul 2012 21:41, r...@sixdemonbag.org said:
> History has not been kind to the Merkle-Damgård construction. The fact
> OpenPGP only contains Merkle-Damgårds has always bothered me: I'd feel
> much better if WHIRLPOOL had been standardized and included in the list.
On Phil’s request we
On 7/11/2012 9:50 AM, Healer 1 wrote:
> I am a retired doc 65 and a scrunch, a Master Bard & Priest to the
> Sanctuary of the Healers' Heart, and due to necessity I am becoming
> involved in signing and encryption...
You may also be interested in joining the Enigmail users mailing list:
ht
On 7/11/2012 11:51 AM, Werner Koch wrote:
> But only because RIPEMD160 does not get as much attention as SHA-1.
True, but I'm not certain I believe SHA256 is much better.
Let's look over the history of Merkle-Damgård hashes:
MD2 (broken 1997, preimages 2004)
MD4 (broken 1991, preimages 2008, can
On 2012-07-11 17:46, Sam Smith wrote:
> Thanks. The clearsign "test" worked.
>
> What does "cert-digest-algo" do? I read the description in the GnuPG
> manual and what you quoted, but I still don't understand. Could
> someone explain to me what cert-digest-algo does and how it differs
> from digest
On 2012-07-11 17:57, Sam Smith wrote:
> > For clearsigned messages, yes, for a message sent to someone else
> while using their public key,
> > it will depend on the capabilities specified in their preference.
>
> which command states this preference for when a message is sent to
> someone using th
On Wed 11.07.2012, 13:57:58 David Shaw wrote:
> For signing, it's not as simple - for example, there is
> no explicit recipient (and therefore no preference list) when signing
> without encrypting, such as is done on a mailing list.
Is there any reason why known recipients should not be consider
On Jul 11, 2012, at 11:09 AM, Hauke Laging wrote:
> On Wed 11.07.2012, 16:54:27 Kristian Fiskerstrand wrote:
>
>> Note that as per RFC4880 this will still not remove SHA1[0: 13.3.2.]
>> or 3DES[0: 13.2.], as these are appended tacitly to be able to ensure
>> a matching set between implementation
On Jul 11, 2012, at 1:06 PM, Sam Smith wrote:
> To make sure I understand correctly:
>
> 1) cert-digest-algo SHA256 = will use SHA256 to sign KEYS with regardless of
> what preferences the key holder has stipulated
>
> 2) digest-algo SHA256 = will use SHA256 to sign MESSAGES with regardless of
To make sure I understand correctly:
1) cert-digest-algo SHA256 = will use SHA256 to sign KEYS with regardless of
what preferences the key holder has stipulated
2) digest-algo SHA256 = will use SHA256 to sign MESSAGES with regardless of
what preferences the recipient of the message has stipula
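A way to check what those settings actually produced, as an added example that is mine and not GnuPG's code: a small RFC 4880 packet reader that decodes a version 4 signature packet far enough to name the hash algorithm field (the one digest-algo and cert-digest-algo set) and, in a self-signature, the preferred hash algorithms subpacket that personal-digest-preferences fills. The function names, the hand-built sample packets and the armored sample are mine; the algorithm and subpacket numbers are the RFC 4880 ones (section 9.4 for hash algorithms, 5.2.3.8 for the preference subpacket). gpg --list-packets prints the same fields on a real signature: "digest algo 8" is SHA256, "digest algo 2" is SHA1.

```python
"""Added example, not from the thread or GnuPG: a minimal RFC 4880 packet
reader that reports which hash a signature packet really used and, for a
self-signature, the preferred hash list carried in subpacket type 21.
The packets at the bottom are hand-built, not real signatures."""
import base64
import struct

HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
              10: "SHA512", 11: "SHA224"}                       # RFC 4880 9.4
PK_ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}                 # 9.1 (subset)
SIG_TYPES = {0x00: "binary document", 0x01: "canonical text",
             0x10: "generic certification", 0x13: "positive certification",
             0x18: "subkey binding", 0x1F: "direct key"}        # 5.2.1 (subset)
PREFERRED_HASH_SUBPACKET = 21                                   # 5.2.3.8


def dearmor(text: str) -> bytes:
    """Return the binary body of an ASCII-armored block (CRC24 not checked)."""
    lines = text.strip().splitlines()[1:]          # drop the BEGIN line
    while lines[0].strip():                        # skip "Key: value" headers
        lines.pop(0)
    b64 = []
    for line in lines[1:]:                         # skip the blank separator
        if line.startswith("=") or line.startswith("-----END"):
            break                                  # CRC line or END line
        b64.append(line.strip())
    return base64.b64decode("".join(b64))


def packet_header(buf: bytes, pos: int = 0):
    """Return (tag, body_offset, body_length); 1- and 2-octet lengths only."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                               # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        raise ValueError("4-octet and partial body lengths not supported")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 0:
        return tag, pos + 2, buf[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", buf[pos + 1:pos + 3])[0]
    raise ValueError("4-octet and indeterminate lengths not supported")


def subpackets(data: bytes):
    """Yield (type, body) for each signature subpacket in data."""
    pos = 0
    while pos < len(data):
        o1 = data[pos]
        if o1 < 192:
            length, pos = o1, pos + 1
        elif o1 < 255:
            length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
        else:
            length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
        yield data[pos] & 0x7F, data[pos + 1:pos + length]   # bit 7 = critical
        pos += length


def describe_signature(buf: bytes) -> dict:
    """Decode a v4 signature packet far enough to name the hash it used."""
    tag, off, length = packet_header(buf)
    if tag != 2:
        raise ValueError(f"packet tag {tag} is not a signature")
    body = buf[off:off + length]
    if body[0] != 4:
        raise ValueError(f"unsupported signature version {body[0]}")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    prefs = None
    for sp_type, sp_body in subpackets(body[6:6 + hashed_len]):
        if sp_type == PREFERRED_HASH_SUBPACKET:
            prefs = [HASH_ALGOS.get(b, f"unknown({b})") for b in sp_body]
    return {"sig_type": SIG_TYPES.get(body[1], f"unknown({body[1]:#x})"),
            "pk_algo": PK_ALGOS.get(body[2], f"unknown({body[2]})"),
            "hash_algo": HASH_ALGOS.get(body[3], f"unknown({body[3]})"),
            "preferred_hashes": prefs}


# Hand-built samples (not real signatures; hash fragment and MPIs are dummies).
# Self-signature over a DSA key, hashed with SHA256, carrying a preferred
# hash algorithms subpacket of "SHA256 RIPEMD160".
SELF_SIG_SHA256 = bytes([
    0xC2, 0x1A,                             # new-format header, tag 2, 26 bytes
    0x04, 0x13, 0x11, 0x08,                 # v4, positive cert, DSA, SHA256
    0x00, 0x0A,                             # 10 bytes of hashed subpackets
    0x05, 0x02, 0x4F, 0xFE, 0x00, 0x00,     #   creation time (dummy value)
    0x03, 0x15, 0x08, 0x03,                 #   type 21: SHA256, RIPEMD160
    0x00, 0x00, 0xAB, 0xCD,                 # no unhashed subpackets; hash left16
    0x00, 0x08, 0x7F, 0x00, 0x08, 0x7F,     # dummy DSA r and s MPIs
])
# Data signature made with the RFC 4880 fallback: DSA over SHA1.
DATA_SIG_SHA1 = bytes([
    0x88, 0x16,                             # old-format header, tag 2, 22 bytes
    0x04, 0x00, 0x11, 0x02,                 # v4, binary document, DSA, SHA1
    0x00, 0x06, 0x05, 0x02, 0x4F, 0xFE, 0x00, 0x00,
    0x00, 0x00, 0xAB, 0xCD,
    0x00, 0x08, 0x7F, 0x00, 0x08, 0x7F,
])
ARMORED_DATA_SIG = ("-----BEGIN PGP SIGNATURE-----\nVersion: constructed\n\n"
                    + base64.b64encode(DATA_SIG_SHA1).decode()
                    + "\n=AAAA\n-----END PGP SIGNATURE-----\n")   # CRC is dummy
```

Feed describe_signature() the raw bytes of a .sig file, or dearmor() of a .asc file; a data signature whose hash_algo comes back as SHA1, or a self-signature whose preferred_hashes begins with SHA1, is exactly what the gpg.conf lines discussed above are meant to change.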
On Wed 11.07.2012, 11:13:46 Robert J. Hansen wrote:
> The entire point of a standard is to allow interoperation. That means
> there has to be some final fallback mode.
IMHO the second sentence effectively rewrites the first to:
"The entire point of a standard is to ENFORCE interoperation."
I
>
For clearsigned messages, yes, for a message sent to someone else
while using their public key,
> it will depend on the capabilities
specified in their preference.
which command states this preference for when a message is sent to someone
using their public key? the "default-pre
On Wed, 11 Jul 2012 17:11, r...@sixdemonbag.org said:
> I would suggest "SHA256 RIPEMD160", myself. There are no known attacks
> on RIPEMD160, and if you're in a situation that requires the use of a
But only because RIPEMD160 does not get as much attention as SHA-1. I
doubt that RIPEMD160 is in
On 7/11/2012 11:09 AM, Hauke Laging wrote:
> Does it make sense that a standard overrides a user's decision to prefer
> security over compatibility (sure, you can still check afterwards what has
> happened but that can be difficult especially if gpg is not used directly but
> called by a MUA e.g
Thanks. The clearsign "test" worked.
What does "cert-digest-algo" do? I read the description in the GnuPG manual and
what you quoted, but I still don't understand. Could someone explain to me what
cert-digest-algo does and how it differs from digest-algo when placed in
gpg.conf?
so "personal-
On 7/11/2012 10:09 AM, Sam Smith wrote:
> 1) to use stronger hash when supported by others, I added this line =
> *personal-digest-preferences SHA256*
I would suggest "SHA256 RIPEMD160", myself. There are no known attacks
on RIPEMD160, and if you're in a situation that requires the use of a
160-b
On Wed 11.07.2012, 16:54:27 Kristian Fiskerstrand wrote:
> Note that as per RFC4880 this will still not remove SHA1[0: 13.3.2.]
> or 3DES[0: 13.2.], as these are appended tacitly to be able to ensure
> a matching set between implementations.
Does it make sense that a standard overrides a user's
First: This is not legal advice. I am not a lawyer. Consult a lawyer
in your jurisdiction if you have specific questions. This is the
rantings of a semi-informed layman.
One of the big elephants in the room when talking about digital
signatures is that we conflate several different things under
On 2012-07-11 16:09, Sam Smith wrote:
> I've added the following 3 lines to my gpg.conf file:
>
> 1) to use stronger hash when supported by others, I added this line
> = *personal-digest-preferences SHA256*
>
> 2) to use the SHA256 hash when I Sign
I've added the following 3 lines to my gpg.conf file:
1) to use stronger hash when supported by others, I added this line =
personal-digest-preferences SHA256
2) to use the SHA256 hash when I Sign a message, I added this line =
cert-digest-algo SHA256
3) to change what is used when a new key
Good Day Folks,
I am a retired doc 65 and a scrunch, a Master Bard & Priest to the
Sanctuary of the Healers' Heart, and due to necessity I am becoming
involved in signing and encryption. I am somewhere in the mid range of
computer skills, better with Linux than Winblow$. I am a total noob with
both t
> I'd much rather fail to generate a signature than generate
> one using an algorithm which is very weak.
My feelings as well.
Date: Tue, 10 Jul 2012 23:59:45 +
From: sand...@crustytoothpaste.net
To: gnupg-users@gnupg.org
Subject: Re: why is SHA1 used? How do I get SHA256 to be used?
On T
On Wed, 11 Jul 2012 01:22, mailinglis...@hauke-laging.de said:
> gpg --options /dev/null --keyserver hkp://keys.gnupg.net --search-keys ...
> gpg: external program calls are disabled due to unsafe options file
> permissions
Use --no-options instead.
Salam-Shalom,
Werner
On Wed, 11 Jul 2012 07:56, r...@sixdemonbag.org said:
> V5 discussions will not kick off in earnest until NIST announces the new
> hash standard, or so I've heard people from the working group say.
And even then it will take 5 years or so until it has been deployed
widely. Even GnuPG 1.2 is s
On 10.07.2012 21:22, bo...@z1p.biz wrote:
> I'm trying to save a 4096 bit RSA key to my OpenPGP smartcard v2.0 but I get
> an error about a "bad secret key".
>
> I use Ubuntu 10.04 with a self-compiled GnuPG 2.0.19
>
> Verbose-mode doesn't tell more details and according to Google I am the onl
I searched the above combination of keywords on
http://marc.theaimsgroup.com/ and got nothing. I assume, then, that this
group has no messages dealing with the question of whether or not I can use
GnuPG to create certificates that I can use to support https on Apache.
The more general sear