On 06/27/2013 09:24 AM, Daniel Pocock wrote:
>
> Some of the discussion in this bug seems relevant to the GnuPG and
> GnuPG2 packages in Debian, but the bug is against the archive
> pseudo-package:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612657

I wouldn't classify it as a bug, but I did read all the comments, and what I write here should be classified as just the OPINION of one person, moi. Like Thomas Jefferson's religious beliefs, I think I will be in a congregation of one.

> Can anybody else make any comments:
>
> a) should there be more effort to phase out SHA1?

Maybe not, if the argument by one person here is to be believed, and the statement by another that ALL of the SHA would have been vulnerable to the same attack. Did the discussion come to a satisfactory conclusion? Not for me, since the arguments were mostly theoretical. I am one of those people who much prefers actual over theoretical.

Where they can't phase out SHA1, they can't. Where they can, they should replace it with SHA-256. The one comment saying you can have both SHA1 and SHA-256 is impractical. It is either SHA1 or something else. I suspect the inertia against shifting from SHA1 to something else is probably more the hassles they perceive it will cause than any technical considerations due to standards.

> b) how is it being approached upstream? Is backwards-compatibility
> still emphasized to the same extent?

I don't know how much they are emphasizing backwards compatibility. But in this case I don't see how it could be a problem if they are using only GnuPG. Support for SHA-256 has been in GnuPG for an awfully long time. SHA-512 may cause problems going forwards given its status in backwards compatibility, and depending on whether Debian uses something other than GnuPG going forwards. SHA-512 also requires significantly more CPU cycles and can be too much for smaller devices. Is Debian planning on a smart phone or tablet?

> c) should this become a general system-wide goal to audit and increase
> crypto-strength in all parts of jessie / future Debian versions?

The comments in the bug indicate that NIST has a directive to replace SHA1 with something else by 2010? I don't know what all that includes, but Microsoft is still using SHA1, which means that if Microsoft is included the directive is hopeless. Here we are three years later and people are stubbornly refusing to shift away from SHA1.

I can remember when kernel.org was hacked into and they stated that they had used super secure SHA1. That is kind of like the two radar technicians in Tora Tora Tora. The first notes a huge formation coming in from the north. The second whines about going to eat, and the lieutenant they call the observation in to told them not to worry about it. The argument that SHA1 just isn't as robust seems to me to be the same type of argument as the one to ignore that radar warning. We all know what happened on that one, don't we? Pearl Harbor, and the US was sucked into World War II whether they wanted to be in it or not.

In trying to understand the resistance to moving away from SHA1, you have to understand that it is much more dependent on the personal resistance to change than the technical hassles. But if they do it, they should write down all the problems they had and how they solved them in case they have to do it again in the future. The second time around for anything is always much easier than the first.

HHH
---
Thinking has been suspended indefinitely
Anybody caught thinking will be immediately shot!

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
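Point (c) in the quoted questions asks about auditing crypto strength across an archive. The first step of such an audit is simply finding out which digest each existing OpenPGP signature was made with. The Python below is an added example written for this page, not code from the thread, from GnuPG or from Debian: it walks an OpenPGP (RFC 4880) packet stream, reads the hash-algorithm field of every v3 or v4 signature packet, and flags MD5 and SHA1 as "replace". It assumes a plain packet stream (no partial-body lengths, no compressed or encrypted containers), and the signature bytes it parses are constructed inline for the demonstration, not real signatures.

```python
"""Report the digest algorithm used by each OpenPGP signature packet.

Added example for auditing SHA1 use in existing signatures; not GnuPG code.
Handles old- and new-format packet headers (RFC 4880 section 4.2) and v3/v4
signature packets (section 5.2). Partial-body lengths are not supported.
"""

# Hash algorithm IDs from RFC 4880 section 9.4.
HASH_ALGOS = {
    1: "MD5", 2: "SHA1", 3: "RIPEMD160",
    8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224",
}
# Digests this audit treats as needing replacement.
WEAK_DIGESTS = {"MD5", "SHA1"}
SIGNATURE_TAG = 2


def read_packet_header(data: bytes, pos: int):
    """Parse one packet header at data[pos]; return (tag, body_start, body_len)."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header at offset %d" % pos)
    if first & 0x40:                      # new-format header
        tag = first & 0x3F
        b1 = data[pos + 1]
        if b1 < 192:                      # one-octet length
            length, hdr_len = b1, 2
        elif b1 < 224:                    # two-octet length
            length, hdr_len = ((b1 - 192) << 8) + data[pos + 2] + 192, 3
        elif b1 == 255:                   # five-octet length
            length, hdr_len = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
        else:
            raise ValueError("partial body lengths are not supported")
    else:                                 # old-format header
        tag = (first >> 2) & 0x0F
        ltype = first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length packets are not supported")
        n = (1, 2, 4)[ltype]
        length, hdr_len = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
    return tag, pos + hdr_len, length


def signature_hash_algo(body: bytes) -> int:
    """Return the hash algorithm ID of a v3 or v4 signature packet body."""
    version = body[0]
    if version == 4:
        # v4: version, sig type, pubkey algo, hash algo, subpackets, ...
        return body[3]
    if version == 3:
        # v3: version, 0x05, sig type, 4-byte time, 8-byte key ID, pubkey algo, hash algo
        return body[16]
    raise ValueError("unsupported signature version %d" % version)


def audit_digests(data: bytes):
    """Walk a packet stream; return [(tag, digest_name, is_weak)] per signature packet."""
    findings = []
    pos = 0
    while pos < len(data):
        tag, start, length = read_packet_header(data, pos)
        if tag == SIGNATURE_TAG:
            algo = signature_hash_algo(data[start:start + length])
            name = HASH_ALGOS.get(algo, "unknown(%d)" % algo)
            findings.append((tag, name, name in WEAK_DIGESTS))
        pos = start + length              # other packet types are skipped
    return findings


# Constructed sample stream (not real signatures): signature packets with zero
# subpackets and a one-byte MPI, just enough for the header and algo fields.
def _v4_sig(hash_algo: int) -> bytes:
    return bytes([4, 0x00, 1, hash_algo]) + b"\x00\x00\x00\x00" + b"\xab\xcd" + b"\x00\x08\x80"


def _v3_sig(hash_algo: int) -> bytes:
    return (bytes([3, 5, 0x00]) + b"\x00" * 4 + b"\x00" * 8
            + bytes([1, hash_algo]) + b"\xab\xcd" + b"\x00\x08\x80")


SAMPLE_STREAM = (
    bytes([0x88, len(_v4_sig(2))]) + _v4_sig(2)      # old-format header, v4, SHA1
    + bytes([0xC2, len(_v4_sig(8))]) + _v4_sig(8)    # new-format header, v4, SHA256
    + bytes([0xC2, len(_v3_sig(2))]) + _v3_sig(2)    # new-format header, v3, SHA1
)

if __name__ == "__main__":
    for tag, name, weak in audit_digests(SAMPLE_STREAM):
        print("signature packet: %s%s" % (name, "  <-- replace" if weak else ""))
```

Fed the raw bytes of a detached `.sig` or a signed `.gpg` file, `audit_digests` returns one entry per signature packet; on a system with GnuPG installed, `gpg --list-packets` prints the same field as `digest algo N`, so the two can be cross-checked.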
