Re: why is SHA1 used? How do I get SHA256 to be used?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hello Robert !

Robert J. Hansen r...@sixdemonbag.org wrote:

>> I think that by default, --gnupg is in use; --gnupg means --openpgp
>> This means strict OpenPGP behaviour: MD5, SHA1, RIPEMD160
>
> Nope.
>
>> Try using --digest-algo SHA256 in the command line or GPG.CONF; maybe
>> you'll need to suppress --personal-digest-preferences from GPG.CONF (I
>> don't know).
>
> I feel like I've said this several times in the past few months. Let me
> say it one more time, loudly:
>
> DON'T USE --cipher-algo OR --digest-algo UNLESS YOU KNOW EXACTLY WHAT
> YOU'RE DOING AND WHY. IT'S EASY TO CREATE MESSAGES YOUR RECIPIENT CANNOT
> READ. USE THE --personal-X-preferences INSTEAD.

The question was: why does GPG use another preference than the primary one?
I have the same problem: this clearsigned message is in RIPEMD160 although
it's not the first choice, and obviously there is no recipient here.

- -- 
Laurent Jumet
KeyID: 0xCFAF704C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

iHEEAREDADEFAk/7xaYqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB
RjcwNEMuYXNjAAoJEPUdbaDPr3BMvUMAoJo9kNtbXW39GOHMSmB8EMaDHu9DAKCw
q2MNfcNyx5aLv/titlDxloqy2g==
=1mFk
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Slightly OT: PGP/MIME verification fails with new KMail2 and Thunderbird 13.0
As a curiosity, could you have both clients save the message in raw format
somewhere on the disks, and compare if they're the same with a checksum?
Maybe there's some misbehaviour with the line endings in terms of *nix vs
Winblow$ (so checking with cat -v would also be a good idea)? I know that at
some point I managed to corrupt an Apache configuration file by copy/pasting
stuff from KMail into a terminal (but that was a very long time ago); there
were some invisible characters pasted in the process.

On Tue, 10 Jul 2012 00:53:43 +0200
Hauke Laging mailinglis...@hauke-laging.de wrote:

> Hello,
>
> I was just pointed at the problem that for the last months all of my
> signatures are supposed to be bad. I use KMail which shows both the emails
> I have sent and those I receive via this list as correctly signed. I just
> used Thunderbird (13.0) to check and TB claims even (most but not all) of
> the emails in my IMAP sent folder to have bad signatures. TB doesn't even
> recognize the received emails as signed (just shows an attachment).
>
> The problem seems to be newline-related. I do not want to waste time by
> filing a bug report for the wrong software... Thus maybe one of the MIME
> experts here can tell me who's wrong.
>
> The KMail behaviour seems to have changed from KMail to KMail2. KMail2
> successfully verifies the TB emails.
>
> Thunderbird puts one more empty line between the body and the MIME
> separator:
>
> ###
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
> --nextPart1869494.a4NpQxFzAE
> Content-Type: application/pgp-signature; name=signature.asc
> ###
>
> ###
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
>
> --enigDCF37498B4DFB4B1B81B232B
> Content-Type: application/pgp-signature; name=signature.asc
> ###
>
> I can manually successfully verify emails from both clients. So obviously
> one of them feeds the wrong data into gpg (during signing or
> verification).
>
> Hauke

-- 
Branko Majic
Jabber: bra...@majic.rs
Please use only Free formats when sending attachments to me.
Re: Documentation error: --allow-freeform-uid not needed?
On Mon, 9 Jul 2012 14:26, mailinglis...@hauke-laging.de said:

> OK but what does --allow-freeform-uid do then? Makes sense to add this

You already quoted it in your first mail:

   Disable all checks on the form of the user ID w..
                                   ^

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
Re: Slightly OT: PGP/MIME verification fails with new KMail2 and Thunderbird 13.0
On Tue, 10 Jul 2012, Hauke Laging wrote:

> Hello,
>
> I was just pointed at the problem that for the last months all of my
> signatures are supposed to be bad. I use KMail which shows both the emails
> I have sent and those I receive via this list as correctly signed. I just
> used Thunderbird (13.0) to check and TB claims even (most but not all) of
> the emails in my IMAP sent folder to have bad signatures. TB doesn't even
> recognize the received emails as signed (just shows an attachment).
>
> The problem seems to be newline-related. I do not want to waste time by
> filing a bug report for the wrong software... Thus maybe one of the MIME
> experts here can tell me who's wrong.
>
> The KMail behaviour seems to have changed from KMail to KMail2. KMail2
> successfully verifies the TB emails.

There is a difference in how KMail deals with EOL whitespace; I have an
exception for it in my PGP filters for Alpine. I don't know what's different
between KMail 1 and 2, but I'm glad you raised this. I can use my filters to
verify your KMail 1.x messages, but Enigmail refuses to recognize that they
contain valid signed messages. However I cannot verify your latest message
using KMail 2, so clearly there is something different.

> Thunderbird puts one more empty line between the body and the MIME
> separator:

I'm not sure it's Thunderbird, I think it's Mailman (at least that was the
consensus from previous discussion). Have you compared the raw message in
your Sent mail folder to the one from the list? Also, if you look at your
message in the archives, it seems to be similarly malformed.

> I can manually successfully verify emails from both clients. So obviously
> one of them feeds the wrong data into gpg (during signing or
> verification).

Don't rule out all of the above. :)

Seriously though, can you do me a favor and send me copies of the _raw_
messages from your Sent mail folder, and the message you received from the
list (the one I'm responding to is fine)? Please compress them somehow (tgz
is fine) so that they don't get molested in transit. That'll help me sort
out how whitespace is being handled differently in KMail 2.

Doug

-- 
It's always a long day; 86400 doesn't fit into a short.

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.  :)  http://SupersetSolutions.com/
Re: why is SHA1 used? How do I get SHA256 to be used?
On 7/10/2012 1:59 AM, Laurent Jumet wrote:
> The question was: why does GPG use another preference than the primary
> one?

The short answer is, because it has to, and because you've configured it
that way.

> I have the same problem: this clearsigned message is in RIPEMD160 although
> it's not the first choice, and obviously there is no recipient here.

What are the contents of your personal-digest-preferences? Also note that
you're using a 1k DSA key for signing, so is it really so surprising you're
using a 160-bit hash algorithm?
Re: why is SHA1 used? How do I get SHA256 to be used?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert J. Hansen wrote:
> On 7/9/2012 10:04 PM, vedaal wrote:
>> which open-pgp implementation can't read/verify SHA-256
>
> PGP 8.0 or before. SHA-256 was introduced in 8.1, if I recall correctly.
> There are still a *lot* of people using 6.5.8.

I used the information in this article :
http://www.debian-administration.org/users/dkg/weblog/48

If there are errors or omissions I'd be interested to learn, as the article
is now over 3 years old.

- -- 
Andy Ruddock
- 
andy.rudd...@rainydayz.org (GPG Key ID 0xB0324245)
Re: why is SHA1 used? How do I get SHA256 to be used?
On 7/10/2012 4:58 AM, Andy Ruddock wrote:
> I used the information in this article :

It is still substantially accurate and useful, as near as I can tell. (I
still think cert-digest-algo sha256 is unnecessary at this point in time,
but I understand why he believes otherwise, and his perspective is hardly
an unreasoned one.)
Re: Slightly OT: PGP/MIME verification fails with new KMail2 and Thunderbird 13.0
On Tue 10.07.2012, 08:43:55, Branko Majic wrote:

> As a curiosity, could you have both clients save the message in raw
> format somewhere on the disks, and compare if they're the same with a
> checksum?

A checksum is not necessary, it's obviously not the same. KMail stores the
files with \n line endings instead of \r\n. In order to successfully verify
the signature I had to convert the KMail file to \r\n and to remove the
\r\n (both) on the last line until I added a \n to my text signature.

...

I just checked the files after the conversion to \r\n. There were more
differences (probably not relevant for this problem). The KMail file has an
additional line at the beginning:

From ha...@laging.de Mon, 09 Jul 2012 20:06:34 +0200

Furthermore the KMail file has \r\n at the end of the last line, the TB
file does not. But the signed part and the signature are stored
identically.

Hauke

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
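What Hauke describes (a file stored with \n where the signature was made over \r\n, and one client putting an extra empty line before the MIME boundary) can be reproduced without either mail client. The following is an added example, not code from the thread, from KMail or from Thunderbird: it builds two constructed multipart/signed bodies that differ only in line endings and in the number of empty lines before the boundary, cuts out the signed part the way RFC 2046 delimits it, puts it into the RFC 3156 canonical form (CRLF, trailing whitespace removed) and hashes it. Only the boundary string is taken from the thread; the message text, the function names and the use of SHA-256 as a stand-in for the signature's digest are this example's own choices.

```python
"""Why one client verifies a PGP/MIME signature that another rejects.

Added example; this is not code from the thread or from KMail/Thunderbird.
RFC 3156 hashes the signed MIME part in canonical form (CRLF line endings,
trailing spaces and tabs removed), and RFC 2046 says the CRLF right before a
boundary line belongs to the boundary, not to the part.  A client that stores
the part with bare LF, or that emits one extra empty line before the
boundary, therefore hands gpg different bytes.  The two messages below are
constructed for this example; only the boundary string comes from the thread.
"""
import hashlib
import re

BOUNDARY = "nextPart1869494.a4NpQxFzAE"


def build_message(eol: bytes, blank_lines_before_boundary: int) -> bytes:
    """Constructed multipart/signed body with a chosen line ending and a
    chosen number of empty lines between the text and the boundary."""
    lines = [
        b"--" + BOUNDARY.encode(),
        b"Content-Type: text/plain; charset=UTF-8",
        b"",
        b"Hello,",
        b"just a test.  ",                    # trailing spaces on purpose
        b"",
        b"-- ",
        b"PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814",
    ]
    lines += [b""] * blank_lines_before_boundary
    lines += [
        b"--" + BOUNDARY.encode(),
        b"Content-Type: application/pgp-signature; name=signature.asc",
        b"",
        b"-----BEGIN PGP SIGNATURE-----",
        b"(signature body omitted in this constructed sample)",
        b"-----END PGP SIGNATURE-----",
        b"--" + BOUNDARY.encode() + b"--",
        b"",
    ]
    return eol.join(lines)


def signed_part(raw: bytes, boundary: str) -> bytes:
    """Return the first body part as RFC 2046 delimits it: everything after
    the first boundary line up to, but not including, the line break that
    precedes the next boundary line.  LF and CRLF are both accepted on input
    so a file saved by a Unix MUA can be inspected as well."""
    delim = b"--" + boundary.encode()
    lines = re.split(rb"\r?\n", raw)
    start = lines.index(delim) + 1
    end = lines.index(delim, start)
    return b"\r\n".join(lines[start:end])


def canonicalize(part: bytes) -> bytes:
    """RFC 3156 / RFC 4880 text canonical form: CRLF endings and no trailing
    whitespace on any line.  This is what a text-mode signature covers."""
    return b"\r\n".join(line.rstrip(b" \t") for line in re.split(rb"\r?\n", part))


def signed_digest(raw: bytes, boundary: str = BOUNDARY) -> str:
    """SHA-256 of the canonical signed part (stand-in for the signature's
    digest); two files verify against the same signature only if this value
    is identical."""
    return hashlib.sha256(canonicalize(signed_part(raw, boundary))).hexdigest()


if __name__ == "__main__":
    kmail_like = build_message(b"\n", 0)       # bare LF, no extra blank line
    tb_like = build_message(b"\r\n", 1)        # CRLF, one extra blank line
    fixed = build_message(b"\r\n", 0)          # CRLF, same blank lines as above
    print("LF file, 0 blank lines  :", signed_digest(kmail_like))
    print("CRLF file, 1 blank line :", signed_digest(tb_like))
    print("CRLF file, 0 blank lines:", signed_digest(fixed))
```

The LF file and the CRLF file with the same number of blank lines give the same canonical bytes, which is why converting the KMail file to \r\n was enough for Hauke; the message with the extra empty line differs by exactly one trailing CRLF, which is enough to change the digest and produce a "bad signature". Note also that canonicalization turns the "-- " signature separator into "--", so a signer and a verifier that disagree on whether trailing whitespace is stripped will disagree on every message that contains one.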
RE: why is SHA1 used? How do I get SHA256 to be used?
Hauke, thank you so much for explaining this. Would you be so kind as to
describe how exactly I should edit my config file to accomplish SHA256?
There's lots of advice out there and I'd like to make sure I don't make
any mistakes when configuring. Thank you.

> From: mailinglis...@hauke-laging.de
> To: gnupg-users@gnupg.org
> Subject: Re: why is SHA1 used? How do I get SHA256 to be used?
> Date: Mon, 9 Jul 2012 23:56:11 +0200
>
> On Mon 09.07.2012, 17:45:37, Sam Smith wrote:
>
>> Here's the result of ShowPRef for my key:
>>
>> Cipher: AES256, AES192, AES, CAST5, 3DES
>> Digest: SHA256, SHA1, SHA384, SHA512, SHA224
>> Compression: ZLIB, BZIP2, ZIP, Uncompressed
>>
>> SHA1 is showing up second. So when I sign a message, why isn't SHA256
>> used?
>
> Your key tells others what to do. For what you do yourself ("when I sign
> a message") you have to edit the config file.
>
> Hauke
>
> -- 
> PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
RE: why is SHA1 used? How do I get SHA256 to be used?
Yeah, there's still people on Internet Explorer 6 and 7 too and they cause
all kinds of problems for web developers. If people using really old
versions can't read something, that's really their burden to update their
software. SHA1 is no longer secure. I'm not going to cater to people using
really old versions, especially when security is involved.

> Date: Mon, 9 Jul 2012 23:10:27 -0400
> From: r...@sixdemonbag.org
> To: gnupg-users@gnupg.org
> Subject: Re: why is SHA1 used? How do I get SHA256 to be used?
>
> On 7/9/2012 10:04 PM, vedaal wrote:
>> which open-pgp implementation can't read/verify SHA-256
>
> PGP 8.0 or before. SHA-256 was introduced in 8.1, if I recall correctly.
> There are still a *lot* of people using 6.5.8.
Re: why is SHA1 used? How do I get SHA256 to be used?
> SHA1 is no longer secure.

At the present moment, SHA-1 is just fine. In the fairly near future,
anywhere between six months to a few years, I expect this will change. But
"SHA1 is no longer secure" is factually untrue, at least where OpenPGP is
concerned.

I don't recommend SHA-1 for new signatures, but if you have a choice
between sending a SHA-1 message which your recipient can verify or a
SHA-256 message which your recipient can't, well -- that math's pretty easy
to do. SHA-1 isn't a good choice for new signatures, but it's a lot better
than no signature.

> I'm not going to cater to people using really old versions, especially
> when security is involved.

The good news is that no one's asking you to. You're only being advised,
"don't use --digest-algo SHA256, it's unwise and can break
interoperability. Use --personal-digest-preferences SHA256 instead." This
is the same advice that has been given by the GnuPG developers, by the
Enigmail team, and by many other people within the community. It's a
best-practices thing for GnuPG.

Don't use --digest-algo. Use --personal-digest-preferences. That's all.
Re: why is SHA1 used? How do I get SHA256 to be used?
On Tue 10.07.2012, 08:26:14, Sam Smith wrote:

> Hauke, thank you so much for explaining this. Would you be so kind as to
> describe how exactly I should edit my config file to accomplish SHA256?

As Rob already mentioned: You need --personal-digest-preferences (which is
just personal-digest-preferences in the config file). You put your
favourite first, e.g.:

personal-digest-preferences SHA256,RIPEMD160,SHA1

Hauke

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
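The two options Rob contrasts, side by side in a gpg.conf fragment. This is an added example, not a file from the thread or shipped by GnuPG; the option names are real GnuPG options, the algorithm ordering is this example's choice, and the DSA remark restates what is explained later in the thread.

```text
# gpg.conf (added example, not from the thread)

# What the thread warns against: this forces SHA-256 on every signature,
# whether or not the recipient's key says it can verify it, and GnuPG will
# happily produce a message the other side cannot read.
#digest-algo SHA256

# What is recommended instead.  Order is preference; the list is your own
# ranking, and GnuPG still reconciles it with the recipients' key
# preferences when encrypting and skips entries the signing key cannot use
# (a 1024-bit DSA key without enable-dsa2 is limited to 160-bit hashes).
personal-digest-preferences SHA256 SHA384 SHA512 SHA224
personal-cipher-preferences AES256 AES192 AES CAST5
personal-compress-preferences ZLIB BZIP2 ZIP

# Hash for key signatures (certifications).  dkg's article recommends it;
# Rob considers it unnecessary at this point.
cert-digest-algo SHA256

# Only matters for old 1024-bit DSA keys: permits a larger hash, truncated
# to 160 bits, instead of SHA-1/RIPEMD-160.
#enable-dsa2
```

Config-file syntax has no leading dashes, and the list may be separated by spaces or commas, as in Hauke's line. To confirm what a given signature actually used, run gpg --list-packets on it and read the "digest algo" field.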
Re: why is SHA1 used? How do I get SHA256 to be used?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hello Hauke !

Hauke Laging mailinglis...@hauke-laging.de wrote:

> As Rob already mentioned: You need --personal-digest-preferences (which is
> just personal-digest-preferences in the config file). You put your
> favourite first, e.g.:
>
> personal-digest-preferences SHA256,RIPEMD160,SHA1

Do you succeed in having a SHA256 hash with this statement?
How can I explain that I have RIPEMD160 instead?

- -- 
Laurent Jumet
KeyID: 0xCFAF704C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

iHEEAREDADEFAk/8PwwqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB
RjcwNEMuYXNjAAoJEPUdbaDPr3BMRUgAnAli775gSYM8jzLws2QUIzFWs1OUAJ4v
+nb4d0H7K5EsWQ7Vu9Hv9/r3mQ==
=63v/
-----END PGP SIGNATURE-----
Re: why is SHA1 used? How do I get SHA256 to be used?
On 10/07/12 16:39, Laurent Jumet wrote:
> Do you succeed in having a SHA256 hash with this statement?
> How can I explain that I have RIPEMD160 instead?

Like Rob said,

> Also note that you're using a 1k DSA key for signing, so is it really so
> surprising you're using a 160-bit hash algorithm?

To truncate SHA-256 to fit in a 1k DSA signature, specify --enable-dsa2. I
personally don't use DSA, so there might be some more interesting options
related to it.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
Re: why is SHA1 used? How do I get SHA256 to be used?
On Tue 10.07.2012, 16:39:20, Laurent Jumet wrote:

>> personal-digest-preferences SHA256,RIPEMD160,SHA1
>
> Do you succeed in having a SHA256 hash with this statement?

Yes, I do. Just tried.

> How can I explain that I have RIPEMD160 instead?

Two possibilities come to my mind:

1) I created a signature using gpg only. Did you do that, too, or did you
use some GUI or calling program (MUA)?

2) Are there conflicting statements in your config file? Maybe you can
check by calling

gpg --options /dev/null --personal-digest-preferences SHA256 --detach-sign ...
gpg --options /dev/null --personal-digest-preferences SHA256,RIPEMD160 ...

Hauke

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Re: why is SHA1 used? How do I get SHA256 to be used?
On Jul 10, 2012, at 10:39 AM, Laurent Jumet wrote:

> Hauke Laging mailinglis...@hauke-laging.de wrote:
>
>> As Rob already mentioned: You need --personal-digest-preferences (which
>> is just personal-digest-preferences in the config file). You put your
>> favourite first, e.g.:
>>
>> personal-digest-preferences SHA256,RIPEMD160,SHA1
>
> Do you succeed in having a SHA256 hash with this statement?
> How can I explain that I have RIPEMD160 instead?

Your key is a 1024-bit DSA key. That key can only use a 160-bit hash, so
you can use either RIPEMD160 or SHA-1. The rules for hash choice in DSA
were relaxed a bit later, to allow for a 160-bit hash *or* a larger hash
truncated to fit. To enable that, you can use --enable-dsa2, and you should
be able to get SHA256 - but note it's SHA256 truncated down to 160 bits.
You can't use more than 160 bits without a larger DSA key.

David
Re: why is SHA1 used? How do I get SHA256 to be used?
On 7/10/2012 10:39 AM, Laurent Jumet wrote:
> Do you succeed in having a SHA256 hash with this statement?
> How can I explain that I have RIPEMD160 instead?

I apologize for repeating myself here: I don't mean to be condescending,
but apparently my answer was not clear. I'll try to be more clear.

You're using a DSA-1k key. It's limited to 160 bits. That means you cannot
use SHA256. The best you can get is SHA256 truncated down to 160 bits, but
at that point there's no difference between SHA256 and RIPEMD160. They both
have the exact same margin of security: there are no known attacks against
either.
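Everything Rob and David infer here (hash algorithm, key type, 160-bit limit) is readable from the signature itself. The following is an added example, not code from the thread or from GnuPG: it dearmors the signature Laurent posted in his first message (reproduced inside the block) and walks the version 4 signature packet per RFC 4880, returning the public-key algorithm, the hash algorithm, the issuer key ID and the bit lengths of the signature MPIs. gpg --list-packets prints the same fields; the function and dictionary names are this example's own.

```python
"""Read the algorithm identifiers out of an OpenPGP signature packet.

Added example, not code from the thread or from GnuPG.  gpg --list-packets
prints the same fields; this shows where they sit in the packet (RFC 4880
sections 4.2, 5.2.3 and 5.2.3.1), so the "Hash: RIPEMD160" line and the
"1k DSA key" remark can be checked against the bytes.  The armored block is
the signature from Laurent's first message in this thread.
"""
import base64
from datetime import datetime, timezone

PUBKEY_ALGOS = {1: "RSA", 3: "RSA (sign only)", 16: "Elgamal", 17: "DSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

LAURENT_SIG = """\
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

iHEEAREDADEFAk/7xaYqGGh0dHA6Ly93d3cucG9pbnRkZWNoYXQubmV0LzB4Q0ZB
RjcwNEMuYXNjAAoJEPUdbaDPr3BMvUMAoJo9kNtbXW39GOHMSmB8EMaDHu9DAKCw
q2MNfcNyx5aLv/titlDxloqy2g==
=1mFk
-----END PGP SIGNATURE-----
"""


def dearmor(armored: str) -> bytes:
    """Drop the BEGIN/END lines, the armor headers before the blank line and
    the "=xxxx" CRC-24 line; return the raw packet bytes."""
    lines = armored.strip().splitlines()
    body = lines[1:-1]
    if "" in body:
        body = body[body.index("") + 1:]    # armor headers end at blank line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))


def parse_subpackets(data: bytes) -> dict:
    """Map subpacket type -> value (RFC 4880 5.2.3.1 length encoding).
    The length octets count the type octet plus the value."""
    out, pos = {}, 0
    while pos < len(data):
        first = data[pos]
        if first < 192:
            sp_len, pos = first, pos + 1
        elif first < 255:
            sp_len, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
        else:
            sp_len, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
        out[data[pos] & 0x7F] = data[pos + 1:pos + sp_len]   # bit 7 = critical
        pos += sp_len
    return out


def parse_signature(packet: bytes) -> dict:
    """Parse a version 4 signature packet with an old-format header."""
    ctb = packet[0]
    if not ctb & 0x80 or ctb & 0x40:
        raise ValueError("expected an old-format packet header")
    tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
    hdr = {0: 1, 1: 2, 2: 4}[length_type]   # 3 = indeterminate, not handled
    body = packet[1 + hdr:1 + hdr + int.from_bytes(packet[1:1 + hdr], "big")]
    if tag != 2 or body[0] != 4:
        raise ValueError("not a v4 signature packet")
    sig_type, pk_algo, hash_algo = body[1], body[2], body[3]
    pos = 4
    n = int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    hashed = parse_subpackets(body[pos:pos + n]); pos += n
    n = int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    unhashed = parse_subpackets(body[pos:pos + n]); pos += n
    hash_prefix = body[pos:pos + 2]; pos += 2   # left 16 bits of the hash
    mpi_bits = []                               # DSA: r and s; RSA: one MPI
    while pos < len(body):
        bits = int.from_bytes(body[pos:pos + 2], "big")
        mpi_bits.append(bits)
        pos += 2 + (bits + 7) // 8
    subs = {**unhashed, **hashed}               # hashed values win on conflict
    return {
        "tag": tag,
        "version": body[0],
        "sig_type": sig_type,                   # 0x01 = canonical text document
        "pk_algo": PUBKEY_ALGOS.get(pk_algo, pk_algo),
        "hash_algo": HASH_ALGOS.get(hash_algo, hash_algo),
        "created": datetime.fromtimestamp(int.from_bytes(subs[2], "big"), timezone.utc),
        "issuer_keyid": subs[16].hex().upper(),
        "preferred_keyserver": subs.get(24, b"").decode(),
        "hash_prefix": hash_prefix.hex(),
        "mpi_bits": mpi_bits,
    }


if __name__ == "__main__":
    for key, value in parse_signature(dearmor(LAURENT_SIG)).items():
        print(f"{key:20s} {value}")
```

On Laurent's signature this reports pk_algo DSA, hash_algo RIPEMD160, an issuer key ID ending in CFAF704C, and two MPIs of 160 bits each: r and s are reduced modulo the 160-bit subgroup order q of a 1024-bit DSA key, which is the limit Rob and David describe. With --enable-dsa2 and personal-digest-preferences SHA256 the hash_algo field would read SHA256, but the MPIs stay at 160 bits, so only 160 bits of the hash ever enter the signature.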
keytocard: bad secret key
I'm trying to save a 4096 bit RSA key to my OpenPGP smartcard v2.0 but I
get an error about a "bad secret key". I use Ubuntu 10.04 with a
self-compiled GnuPG 2.0.19. Verbose mode doesn't tell more details and
according to Google I am the only one with that problem...

Does anyone know what's wrong?

Regards
very cautious :-)
gpg --options /dev/null --keyserver hkp://keys.gnupg.net --search-keys ...
gpg: external program calls are disabled due to unsafe options file permissions

-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
Re: why is SHA1 used? How do I get SHA256 to be used?
On Tue, Jul 10, 2012 at 10:10:12AM -0400, Robert J. Hansen wrote:
>> SHA1 is no longer secure.
>
> At the present moment, SHA-1 is just fine. In the fairly near future,
> anywhere between six months to a few years, I expect this will change. But
> "SHA1 is no longer secure" is factually untrue, at least where OpenPGP is
> concerned.

SHA-1 is considered cryptographically broken. It does not provide the level
of security it claims. Practically, collisions can be generated for 75 of
the 80 rounds[0]. I hardly consider an algorithm this close to a collision
"just fine". There's no need to run screaming to the exits, but a quick and
orderly transition has been appropriate for some time. The time to move to
something else is ending soon.

> I don't recommend SHA-1 for new signatures, but if you have a choice
> between sending a SHA-1 message which your recipient can verify or a
> SHA-256 message which your recipient can't, well -- that math's pretty
> easy to do. SHA-1 isn't a good choice for new signatures, but it's a lot
> better than no signature.

I don't generate signatures with algorithms I consider insecure because
that leads to people being able to forge signatures in my name. If I use
MD5, even for one message, that allows a moderately determined attacker to
replay that signature on what is likely to become a fairly large set of
messages. I'd rather avoid that, thank you.

>> I'm not going to cater to people using really old versions, especially
>> when security is involved.
>
> The good news is that no one's asking you to. You're only being advised,
> "don't use --digest-algo SHA256, it's unwise and can break
> interoperability. Use --personal-digest-preferences SHA256 instead." This
> is the same advice that has been given by the GnuPG developers, by the
> Enigmail team, and by many other people within the community. It's a
> best-practices thing for GnuPG.

The question is, will GnuPG fall back to SHA-1 if it's not in my digest
preferences? I'd much rather fail to generate a signature than generate one
using an algorithm which is very weak.

[0] http://eprint.iacr.org/2011/641

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Re: why is SHA1 used? How do I get SHA256 to be used?
On 7/10/2012 7:59 PM, brian m. carlson wrote:
> SHA-1 is considered cryptographically broken. It does not provide the
> level of security it claims.

Yes. This is not the same as being *insecure*, though, which is what was
claimed. Moving from "cryptographically broken" to "insecure/dead" is about
as large a step as going from nothing to "cryptographically broken". MD5
was cryptographically broken in 1996. We didn't see major practical results
against it until 2005 or so, and NIST didn't declare it to be dead and
should no longer be used until 2010. There's some serious lag time there.
SHA-1 will likely not have as long of a lag time, but let's not go about
pretending there is no lag time or that the lag time has already elapsed.

There tends to be a lot of scaremongering in the world of crypto. I think
it's generally wise to be careful in our declarations. It is enough to say
"SHA-1 is known to not meet its design specifications and some fairly
devastating attacks against it will likely be coming along in the near
future." That's already a good enough reason to reduce our usage of and
dependency upon SHA-1. There's no need to fearmonger about how the
algorithm has already collapsed, because it hasn't.

> Practically, collisions can be generated for 75 of the 80 rounds[0].

Right now, only random collisions can be generated. That's not any use in
forging a signature, which requires a preimage collision. A cryptographic
break is not the same as a practical exploit.

> I don't generate signatures with algorithms I consider insecure because
> that leads to people being able to forge signatures in my name.

Then you need to stop using OpenPGP altogether, because you're already
generating SHA-1 signatures with your certificate which can be lifted and
dropped onto new messages if/when a preimage attack is introduced against
SHA-1. Let me make this really clear: if you believe SHA-1 is insecure, you
believe OpenPGP is insecure and you should stop using it. SHA-1 is
hardwired into the OpenPGP spec in a few different places and, as of right
now, cannot really be removed. The new V5 key format will almost certainly
change this, but V5 won't be coming out for a good long while yet.

> If I use MD5, even for one message, that allows a moderately determined
> attacker to replay that signature on what is likely to become a fairly
> large set of messages. I'd rather avoid that, thank you.

You've *already done this*. If you truly believe this, stop using OpenPGP.
Re: why is SHA1 used? How do I get SHA256 to be used?
On 7/10/2012 8:15 PM, Robert J. Hansen wrote:
> Then you need to stop using OpenPGP altogether, because you're already
> generating SHA-1 signatures with your certificate which can be lifted and
> dropped onto new messages if/when a preimage attack is introduced against
> SHA-1.

After re-reading this, I need to back off from this paragraph a bit. I
apologize -- I've been up for almost 24 hours now and my thinking is a bit
hazy. I know SHA-1 is hardwired into the spec, but without going to the
spec and reading it closely I'm not 100% certain that SHA-1 *signatures*
are hardwired into the spec, and frankly I'm too tired to do a detailed
read of RFC4880 right now. My apologies.

The general point remains, though, that if you believe SHA-1 is insecure
then you need to stop using OpenPGP. A preimage collision against SHA-1
breaks OpenPGP into a lot of tiny little pieces. Little kids might still
find those pieces useful for gluing to paper plates and giving to their
parents to hang on refrigerators, but for the rest of us we're unlikely to
have any further uses. :)
Re: why is SHA1 used? How do I get SHA256 to be used?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> The general point remains, though, that if you believe SHA-1 is insecure
> then you need to stop using OpenPGP.

Well, Yes, and No. ;-)

SHA1 is hardwired into the fingerprint of v4 keys. An OpenPGP consensus on
a v5 key will not happen overnight. So when is it reasonable enough to
suggest that SHA1 is broken enough to start working on a v5 key?

vedaal
Re: why is SHA1 used? How do I get SHA256 to be used?
On 7/11/2012 12:41 AM, vedaal wrote:
> SHA1 is hardwired into the fingerprint of v4 keys.

As soon as a V5 key spec is released, I'll revise my statement. Until then,
OpenPGP has an unfortunate dependency on hashes that do not have good
long-term prospects. :)

> So when is it reasonable enough to suggest that SHA1 is broken enough to
> start working on a v5 key?

V5 discussions will not kick off in earnest until NIST announces the new
hash standard, or so I've heard people from the working group say.