SHA1 being used despite public key preferences
smujohnson at gmail.com
Wed Oct 20 21:08:29 CEST 2010
On Wed, Oct 20, 2010 at 11:52 AM, David Shaw <dshaw at jabberwocky.com> wrote:
> GnuPG itself defaulted to "RIPEMD/160 SHA-1" when generating keys. The
> surprise was from those people who hadn't changed anything on their key -
> one day they were using SHA-1, then after upgrading GnuPG to the version
> that actually made use of the hash preferences, they would suddenly find
> themselves using RIPEMD/160.
Sure, this is confusing, but since experts such as Bruce Schneier say to
quit using SHA-1, I don't think this is a good enough reason to justify
using to a broken algorithm. Maybe it was set up beforehand and simply
hasn't changed yet... if so, this is the reason for the thread I started,
and I am not blaming anyone.
> I'm not yet convinced a change is necessary here, but if something really
> needs to change, I would say that a better answer would be to make
> personal-digest-preferences not default to anything at all. This would make
> it match the other personal-XXX-preferences, and allow the recipient keys to
> specify whatever the like (as is true for ciphers). If a user chooses to
> restrict this list further, that's up to them.
This is my favourite solution. This way, I won't have to ask every single
newcomer to GnuPG sending me signed messages to request my key prefs for
digest algorithms. I do think the change is necessary however... simply
because of the reason I gave above. If someone like Bruce Schneier said to
change it in 2005 and 2010, and he's not the only one to agree on this
point, and because he obviously knows way more about cryptography security
than I do... then the need for change sounds like a no-brainer to me. If
that isn't enough, what about the paper published in 2008 showing 2^51
complexity for a collision? With those reasons, I can't think of a single
case for defaulting to SHA-1 in this day-and-age... even if it might cause a
small amount of confusion for some people. I think it's worth the price.
The people who it might confuse might learn to update their prefs anyway...
all I see is good coming from that change. It might educate some people a
bit on the safe hashes to use in 2010, I don't know.
Thanks for your continued input.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-devel