Hi Werner,

last year in March 2023 you wrote in https://dev.gnupg.org/T6433
to the question

> > Is there some plan to disable SHA-1 signatures by including this in the weak algorithms list in close future?
> No, it would break the verification of too many signatures.

Just rereading https://www.gnupg.org/faq/weak-digest-algos.html

> Although the SHA-1 algorithm shows signs of weaknesses as well,
> it is still very hard and time consuming to create collisions.
> Mounting a pre-image attack is still far out of reach.

Wikipedia has

> As of 2020, chosen-prefix attacks against SHA-1 are practical.[6][8]

[6] https://www.ntu.edu.sg/news/detail/critical-flaw-demonstrated-in-common-digital-security-algorithm
| [‘chosen-prefix collision attack’]
| using a cluster of 900 GPUs running for two months,
| the pair have successfully demonstrated their way to break the SHA-1
| algorithm using this attack

[8] is the same research result, adding costs
| using 900 Nvidia GTX 1060 GPUs (we paid US$ 75k

and machines got faster.

Is the statement of https://www.gnupg.org/faq/weak-digest-algos.html
for 2025 still current? It feels outdated.

This page is not linked from https://www.gnupg.org/faq/gnupg-faq.html
so maybe it should have been deleted already. I suggest to delete it.

I also suggest to change the default to not create SHA1 message digest
by default anymore, unless an option is given.
(And update https://dev.gnupg.org/T6433)

As for verification, how many signatures would be affected,
do we have any ideas since when no new signatures with SHA1 digests are created?

Maybe adding a deprecation warning is another path?
It has been more than 18 months since March 2023. :)
NIST aims to phase out SHA1 until 2030 (if Wikipedia is right),
I think this means old signatures.

In short, there should be a plan.

Best Regards,
Bernhard

-- 
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel