> On Nov 19, 2014, at 1:47 AM, Tim Bray <[email protected]> wrote:
>
> Are there any threads other than the one starting at
> http://www.metzdowd.com/pipermail/cryptography/2014-September/022754.html ?
>
> The conclusion there, via David Leon Gil, is instructive:
> http://www.metzdowd.com/pipermail/cryptography/2014-September/022758.html

Exactly, we put more checks into our PGP implementation as a result of this discussion:

https://github.com/keybase/kbpgp/commit/ef9f264c5d4bd6e908d8da26c84863dffa19a662

Presumably PGP (which our CLI shells out to) had some of those checks all along (taking David’s word on this, though I can’t find them looking through the source code).

In that previous discussion, we weren’t assuming the worst of SHA-1, but such an assumption seems reasonable going forward. The OpenPGP folks should assume the same, and transition to a SHA-2 (or -3) based key fingerprint. In addition to the issues I mentioned previously, if SHA-1 is broken, I’m sure we’ll find many implementation flaws in GnuPG, which uses SHA-1 key fingerprints internally to check for key equality.

I disagree with Tony; I don’t see a compelling argument here that the Keybase design is “conceptually flawed,” especially if including SHA-2 or SHA-3 key fingerprints in our proofs can defeat the proposed attack.

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
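
The idea in the message above of carrying a SHA-2 digest of the key in a proof next to the SHA-1 fingerprint, as an added example that is not part of the original post and not Keybase or kbpgp code. The SHA-1 value follows the OpenPGP v4 fingerprint rule (RFC 4880, section 12.2); the proof field names, the SHA-256-over-the-same-bytes digest and the key material are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct


def fingerprint_input(pubkey_body: bytes) -> bytes:
    """Bytes hashed for a v4 fingerprint: 0x99, two-octet length, packet body."""
    if len(pubkey_body) > 0xFFFF:
        raise ValueError("packet body too long for a two-octet length")
    return b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body


def sha1_fingerprint(pubkey_body: bytes) -> str:
    """Standard OpenPGP v4 key fingerprint (SHA-1), lowercase hex."""
    return hashlib.sha1(fingerprint_input(pubkey_body)).hexdigest()


def sha256_digest(pubkey_body: bytes) -> str:
    """Assumption: SHA-256 over the same serialization (not a v4 OpenPGP field)."""
    return hashlib.sha256(fingerprint_input(pubkey_body)).hexdigest()


def make_proof(username: str, pubkey_body: bytes) -> dict:
    """Hypothetical proof payload binding a username to both digests."""
    return {
        "username": username,
        "fingerprint_sha1": sha1_fingerprint(pubkey_body),
        "key_sha256": sha256_digest(pubkey_body),
    }


def key_matches_proof(proof: dict, pubkey_body: bytes) -> bool:
    """Accept a fetched key only if BOTH digests match; a proof that lacks
    the SHA-256 field is rejected rather than falling back to SHA-1 alone."""
    ok_sha1 = hmac.compare_digest(
        proof.get("fingerprint_sha1", ""), sha1_fingerprint(pubkey_body))
    ok_sha256 = hmac.compare_digest(
        proof.get("key_sha256", ""), sha256_digest(pubkey_body))
    return ok_sha1 and ok_sha256


def constructed_key_body(modulus_bytes: bytes) -> bytes:
    """Constructed sample: version 4, creation time, RSA (1), MPIs n and e."""
    n_mpi = struct.pack(">H", len(modulus_bytes) * 8) + modulus_bytes
    e_mpi = struct.pack(">H", 17) + b"\x01\x00\x01"
    return b"\x04" + struct.pack(">I", 1416361620) + b"\x01" + n_mpi + e_mpi


KEY_A = constructed_key_body(b"\xc3" * 256)  # constructed, not a real key
KEY_B = constructed_key_body(b"\xd5" * 256)  # constructed, not a real key
```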
