Panu Matilainen writes:
> On 11/1/21 14:07, Justus Winter wrote:
>> Neal Gompa writes:
>>
>>> On Thu, Oct 28, 2021 at 11:17 AM Justus Winter wrote:
Panu Matilainen writes:
>> https://tests.sequoia-pgp.org/rpmsop.html#Detached_Sign-Verify_roundtrip_with_key__Bob___MD5
Justus Winter writes:
> Looking at the task for roughly an hour or so (so, take it with a grain
> of salt...), my strategy would be to decouple the current implementation
> by clearly defining the public API, then provide a drop-in replacement
> for that API that can be enabled
Panu Matilainen writes:
> On 10/25/21 18:06, Justus Winter wrote:
>> Panu Matilainen writes:
I have also skimmed RPM's code. From what I can tell, the relevant code
is in rpmio/{rpmpgp,rpmkeyring,digest}*, the public API uses the "rpm"
prefix, "pgp"-prefixed functions and types
On 10/25/21 18:06, Justus Winter wrote:
Panu Matilainen writes:
I have also skimmed RPM's code. From what I can tell, the relevant code
is in rpmio/{rpmpgp,rpmkeyring,digest}*, the public API uses the "rpm"
prefix, "pgp"-prefixed functions and types are hardly used outside of
the PGP
On 11/1/21 14:07, Justus Winter wrote:
Neal Gompa writes:
On Thu, Oct 28, 2021 at 11:17 AM Justus Winter wrote:
Panu Matilainen writes:
https://tests.sequoia-pgp.org/rpmsop.html#Detached_Sign-Verify_roundtrip_with_key__Bob___MD5
- accepts MD5 signatures !!!
Justus Winter writes:
> Even though second preimage attacks on these two hash functions are
> still very expensive, the shattered paper demonstrates that hash
> collisions are enough to re-purpose an OpenPGP signature.
>
> https://shattered.io/
Sorry, I meant the SHA-1 is a Shambles paper.
Neal Gompa writes:
> On Thu, Oct 28, 2021 at 11:17 AM Justus Winter wrote:
>>
>> Panu Matilainen writes:
>>
>> >> https://tests.sequoia-pgp.org/rpmsop.html#Detached_Sign-Verify_roundtrip_with_key__Bob___MD5
>> >>
>> >> - accepts MD5 signatures !!!