[Pkg-gnupg-maint] Bug#725679: gnupg: does not seem to honor preferred hash algos list of the key being signed

Werner Koch wk at gnupg.org
Wed Oct 9 05:57:14 UTC 2013


On Wed,  9 Oct 2013 01:09, sanvila at unex.es said:

> Sorry but I'm not a cryptographer. Do you mean that as far as there is
> not a known exploit, there is nothing to worry about?

No.  A threat model is used to answer several questions, for example:
"What do you want to protect against?"  In this case you would for
example need to evaluate whether a collision attack on the hash is part
of the threat model: Such an attack can only be mounted by the owner of
the signing key (the signing party) - but the owner could also create
two signatures on different files.  So, this does not matter.

BTW, a second pre-image attack (finding data which yields the same hash
value as a specific given data) is way more complex than a collision
attack.  There are not even signs on how that can be done with SHA1.
Actually it is not even known how to do a collision attack on SHA1 -
but granted, we expect that this may happen in the next few years.

> There is a preference list for digests that I can set in my key and
> publish on the keyservers, but apparently there is not a preference
> list for the digest algorithm used in key signing (I naively thought

David already explained that.  The hash preferences work only in a
special case - usually there is no way for a verifying party to tell
the signing party what algorithm to use.  There is one signing party but
often hundreds or more of verifying parties.  Thus it is better to agree
on a widely deployed standard.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.
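As an added example (not code from this thread or from GnuPG), a small Python parser that shows what a verifier can actually check: which digest a certification signature used, whether that digest is considered weak, and whether it falls outside the signer's own preferred-hash subpacket (the preferences belong to the signing party, as the reply above explains). It assumes RFC 4880 v4 signature packets with a one-octet length header; the sample packet it builds is constructed for the demonstration, not a real key signature.

```python
import struct
# RFC 4880 section 9.4 hash algorithm IDs; MD5 and SHA1 are treated as weak here.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {1, 2}

def parse_subpackets(data):
    """Parse a signature subpacket area (RFC 4880 5.2.3.1) into {type: body}."""
    out, i = {}, 0
    while i < len(data):
        first = data[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:                                 # five-octet length
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        out[data[i] & 0x7F] = data[i + 1:i + length]  # high bit is the critical flag
        i += length
    return out

def parse_signature_packet(pkt):
    """Parse a v4 signature packet (tag 2) carrying a one-octet length header."""
    assert pkt[0] in (0x88, 0xC2) and pkt[1] < 192, "one-octet header only"
    body = pkt[2:2 + pkt[1]]
    assert body[0] == 4, "only v4 signatures are handled"
    hash_id, hlen = body[3], struct.unpack(">H", body[4:6])[0]
    hashed = parse_subpackets(body[6:6 + hlen])
    return {"sig_type": body[1], "pk_algo": body[2], "hash_id": hash_id,
            "hash_algo": HASH_NAMES.get(hash_id, f"unknown({hash_id})"),
            "preferred": [HASH_NAMES.get(h, str(h)) for h in hashed.get(21, b"")]}

def audit_signature(pkt):
    """Return (digest name, findings): weak digest, or digest outside the signer's own prefs."""
    sig, findings = parse_signature_packet(pkt), []
    if sig["hash_id"] in WEAK_HASHES:
        findings.append(f"signature uses weak digest {sig['hash_algo']}")
    if sig["preferred"] and sig["hash_algo"] not in sig["preferred"]:
        findings.append("digest is not in the signer's preferred-hash subpacket")
    return sig["hash_algo"], findings

def make_sample_cert(hash_id, prefs):
    """Build a constructed (not real) v4 certification signature with an old-format 0x88 header."""
    sub = lambda t, b: bytes([len(b) + 1, t]) + b
    hashed = sub(2, struct.pack(">I", 1381298234)) + sub(21, bytes(prefs))  # creation time, prefs
    unhashed = sub(16, bytes.fromhex("0123456789ABCDEF"))                   # issuer key ID (fake)
    body = (bytes([4, 0x13, 1, hash_id]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\xab\xcd"     # left 16 bits of hash
            + struct.pack(">H", 16) + b"\xde\xad")                          # dummy RSA MPI
    return bytes([0x88, len(body)]) + body
```

Running `audit_signature(make_sample_cert(2, [8, 10]))` flags a SHA1 certification whose signer advertises only SHA256 and SHA512, while the SHA256 variant returns no findings.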
