On Wed 11.07.2012, 22:10:11, Daniel Kahn Gillmor wrote:
If the attacker can convince you to sign a chosen text (perhaps one that
looks reasonable), then a failure in the digest's collision-resistance
could very well be used to replay that signature over a different (but
colliding) text (which
On Wed, 11 Jul 2012 22:55, nicholas.c...@gmail.com said:
But one thing that might be helpful to explain is this: what needs to
be in the V5 key format aside from the change in fingerprint hash?
Aside from that issue, the V4 key format seems to have been resilient.
What are the other issues
On 07/12/2012 08:16 AM, Werner Koch wrote:
On Wed, 11 Jul 2012 22:55, nicholas.c...@gmail.com said:
But one thing that might be helpful to explain is this: what needs to
be in the V5 key format aside from the change in fingerprint hash?
Aside from that issue, the V4 key format seems to have
On Wed, 11 Jul 2012 07:56, r...@sixdemonbag.org said:
V5 discussions will not kick off in earnest until NIST announces the new
hash standard, or so I've heard people from the working group say.
And even then it will take 5 years or so until it has been deployed
widely. Even GnuPG 1.2 is
I'd much rather fail to generate a signature than generate
one using an algorithm which is very weak.
My feelings as well.
Date: Tue, 10 Jul 2012 23:59:45 +
From: sand...@crustytoothpaste.net
To: gnupg-users@gnupg.org
Subject: Re: why is SHA1 used? How do I get SHA256 to be used
On Wed, Jul 11, 2012 at 11:25 AM, Werner Koch w...@gnupg.org wrote:
On Wed, 11 Jul 2012 07:56, r...@sixdemonbag.org said:
V5 discussions will not kick off in earnest until NIST announces the new
hash standard, or so I've heard people from the working group say.
And even then it will take 5
On Tue, Jul 10, 2012 at 08:15:32PM -0400, Robert J. Hansen wrote:
There tends to be a lot of scaremongering in the world of crypto. I
think it's generally wise to be careful in our declarations. It is
enough to say SHA-1 is known to not meet its design specifications and
that some fairly
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 7/11/2012 9:23 PM, brian m. carlson wrote:
If I use MD5, even for one message, that allows a moderately
determined attacker to replay that signature on what is likely to
become a fairly large set of messages. I'd rather avoid that, thank
On 7/11/2012 9:23 PM, brian m. carlson wrote:
Really? I'm pretty sure that I'm not generating SHA-1 signatures.
This is not necessarily relevant.
Here's a thought experiment for you. Someone creates a DSA-1k key and
uses --cert-digest-algo SHA256 and --enable-dsa2. This creates 160-bit
On Wed 11.07.2012, 23:13:00, vedaal wrote:
(A clever, malicious attacker could backdate the clock,
and have a forgery of something you did in the past,
when you couldn't claim:
Hey, that's an obvious forgery!
I'm on record as saying I would never use SHA1 to sign anything anymore!)
So
You're arguing two different contradictory things here:
I'm not saying these attacks exist practically today against SHA1 (i
don't know if they do), but collision-resistance is the relevant
property, not resistance to pre-image attacks.
And then:
The places where it is thoroughly baked in
On 07/10/2012 06:15 PM, Robert J. Hansen wrote:
Right now, only random collisions can be generated. That's not any use
in forging a signature, which requires a preimage collision.
If the attacker can convince you to sign a chosen text (perhaps one that
looks reasonable), then a failure in the
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hello Robert !
Robert J. Hansen r...@sixdemonbag.org wrote:
I think that by default, --gnupg is in use; --gnupg means --openpgp
This means strict OpenPGP behaviour: MD5, SHA1, RIPEMD160
Nope.
Try using --digest-algo SHA256 in the command
On 7/10/2012 1:59 AM, Laurent Jumet wrote:
The question was: why does GPG use another preference than the primary
one?
The short answer is, because it has to, and because you've configured
it that way.
I've the same problem, this ClearSign message is in RIPEMD160 despite it's
not
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Robert J. Hansen wrote:
On 7/9/2012 10:04 PM, vedaal wrote:
which open-pgp implementation can't read/verify SHA-256
PGP 8.0 or before. SHA-256 was introduced in 8.1, if I recall
correctly. There are still a *lot* of people using 6.5.8.
I
On 7/10/2012 4:58 AM, Andy Ruddock wrote:
I used the information in this article :
It is still substantially accurate and useful, as near as I can tell.
(I still think cert-digest-algo sha256 is unnecessary at this point in
time, but I understand why he believes otherwise, and his perspective is
-laging.de
To: gnupg-users@gnupg.org
Subject: Re: why is SHA1 used? How do I get SHA256 to be used?
Date: Mon, 9 Jul 2012 23:56:11 +0200
On Mon 09.07.2012, 17:45:37, Sam Smith wrote:
Here's the result of ShowPRef for my key:
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA256, SHA1, SHA384
really old versions,
especially when security is involved.
Date: Mon, 9 Jul 2012 23:10:27 -0400
From: r...@sixdemonbag.org
To: gnupg-users@gnupg.org
Subject: Re: why is SHA1 used? How do I get SHA256 to be used?
On 7/9/2012 10:04 PM, vedaal wrote:
which open-pgp implementation can't read
SHA1 is no longer secure.
At the present moment, SHA-1 is just fine. In the fairly near future,
anywhere between six months to a few years, I expect this will change.
But SHA1 is no longer secure is factually untrue, at least where
OpenPGP is concerned.
I don't recommend SHA-1 for new
On Tue 10.07.2012, 08:26:14, Sam Smith wrote:
Hauke, thank you so much for explaining this. Would you be so kind as to
describe how exactly I should edit my config file to accomplish SHA256?
As Rob already mentioned: You need --personal-digest-preferences (which is
just
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hello Hauke !
Hauke Laging mailinglis...@hauke-laging.de wrote:
As Rob already mentioned: You need --personal-digest-preferences (which is
just personal-digest-preferences in the config file). You put your favourite
first, e.g.:
On 10/07/12 16:39, Laurent Jumet wrote:
Do you succeed in having a SHA256 hash with this statement? How can I
explain that I have RIPEMD160 instead?
Like Rob said,
Also note that you're using a 1k DSA key for signing, so is it really so
surprising you're using a 160-bit hash algorithm?
To
On Tue 10.07.2012, 16:39:20, Laurent Jumet wrote:
personal-digest-preferences SHA256,RIPEMD160,SHA1
Do you succeed in having a SHA256 hash with this statement?
Yes, I do. Just tried.
How can I explain that I have RIPEMD160 instead?
Two possibilities come to my mind:
1) I
On Jul 10, 2012, at 10:39 AM, Laurent Jumet wrote:
Hauke Laging mailinglis...@hauke-laging.de wrote:
As Rob already mentioned: You need --personal-digest-preferences (which is
just personal-digest-preferences in the config file). You put your favourite
first, e.g.:
On 7/10/2012 10:39 AM, Laurent Jumet wrote:
Do you succeed in having a SHA256 hash with this statement? How can I
explain that I have RIPEMD160 instead?
I apologize for repeating myself here: I don't mean to be condescending,
but apparently my answer was not clear. I'll try to be more clear.
On Tue, Jul 10, 2012 at 10:10:12AM -0400, Robert J. Hansen wrote:
SHA1 is no longer secure.
At the present moment, SHA-1 is just fine. In the fairly near future,
anywhere between six months to a few years, I expect this will change.
But SHA1 is no longer secure is factually untrue, at
On 7/10/2012 7:59 PM, brian m. carlson wrote:
SHA-1 is considered cryptographically broken. It does not provide
the level of security it claims.
Yes. This is not the same as being *insecure*, though, which is what
was claimed. Moving from cryptographically broken to insecure/dead
is about
On 7/10/2012 8:15 PM, Robert J. Hansen wrote:
Then you need to stop using OpenPGP altogether, because you're already
generating SHA-1 signatures with your certificate which can be lifted
and dropped onto new messages if/when a preimage attack is introduced
against SHA-1.
After re-reading
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
The general point remains, though,
that if you believe SHA-1 is insecure
then you need to stop using OpenPGP.
Well, Yes, and No. ;-)
SHA1 is hardwired into the fingerprint of v4 keys.
An open pgp consensus on a v5 key will not happen overnight.
On 7/11/2012 12:41 AM, vedaal wrote:
SHA1 is hardwired into the fingerprint of v4 keys.
As soon as a V5 key spec is released, I'll revise my statement. Until
then, OpenPGP has an unfortunate dependency on hashes that do not have
good long-term prospects. :)
So when is it reasonable enough to
Here's the result of ShowPRef for my key:
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA256, SHA1, SHA384, SHA512, SHA224
Compression: ZLIB, BZIP2, ZIP, Uncompressed
SHA1 is showing up second. So when I sign a message, why isn't SHA256 used? The
headers on my emails appear to
On Mon 09.07.2012, 17:45:37, Sam Smith wrote:
Here's the result of ShowPRef for my key:
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA256, SHA1, SHA384, SHA512, SHA224
Compression: ZLIB, BZIP2, ZIP, Uncompressed
SHA1 is showing up second. So when I sign a message, why isn't
Hello Sam !
Sam Smith smick...@hotmail.com wrote:
Here's the result of ShowPRef for my key:
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA256, SHA1, SHA384, SHA512, SHA224
Compression: ZLIB, BZIP2, ZIP, Uncompressed
SHA1 is showing up second. So when I sign a message, why
On 07/09/2012 06:18 PM, Laurent Jumet wrote:
I think that by default, --gnupg is in use; --gnupg means --openpgp
This means strict OpenPGP behaviour: MD5, SHA1, RIPEMD160
Nope.
Try using --digest-algo SHA256 in the command line or GPG.CONF;
maybe you'll need to suppress
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 7/9/2012 7:12 PM, Robert J. Hansen wrote:
DON'T USE --cipher-algo OR --digest-algo UNLESS YOU KNOW EXACTLY WHAT YOU'RE
DOING AND WHY. IT'S
EASY TO CREATE MESSAGES YOUR RECIPIENT CANNOT READ.
which open-pgp implementation can't read/verify
On 7/9/2012 10:04 PM, vedaal wrote:
which open-pgp implementation can't read/verify SHA-256
PGP 8.0 or before. SHA-256 was introduced in 8.1, if I recall
correctly. There are still a *lot* of people using 6.5.8.
36 matches