1.3.6 cert signatures

Atom 'Smasher' atom at suspicious.org
Sun Jul 25 08:24:41 CEST 2004

Hash: SHA256

On Sun, 25 Jul 2004, David Shaw wrote:

> Incidentally, don't assume that because SHA-256 is larger than SHA-1
> that it is stronger.  Remember the lesson of SHA-0.

very true. i have to admit that i was ASSuming that the difference in 
strength between SHA-1 and SHA-256 is straightforward... but history may 
prove otherwise.

> Programs do not become obsolete overnight.  PGP 2.x is generally
> considered obsolete, but that took *years* (and some people seem to
> have missed the memo).  GnuPG doesn't even support generating SHA-256
> signatures yet.  You are using a development build (or hacking 1.2.x)
> to do it, so it's rather premature to claim that the actual released
> version of GnuPG is now obsolete...

i don't want to imply that the release branch is obsolete, or even lacking 
anything for 99.99% of users... i'm well aware that i'm pushing things to 
the limit.

i can't remember the last time a saw a 1.2.2 version header. (are GnuPG 
users just more likely than PGP users to upgrade regularly?) i'm 
generating the SHA-256 certs with 1.3.x, and 1.2.4 seems to handle them 
fine. i have both versions installed on my desktop, and did enough testing 
between them that i'm happy with it.

> Not today.  Not tomorrow.  Next year?  I don't know.  I have not
> rigorously tested interoperability with SHA-256 certification
> signatures.  I have seen some anecdotal evidence, but nothing more.
> It may just not work without harming much else, or it may fail in some
> large and messy manner under certain conditions.  Not enough data yet.

i guess i'll be the guinea pig ;)

> To a certain extent, I guess I have cast my vote on the issue since
> GnuPG 1.2.x cannot generate SHA-256 certification signatures and GnuPG
> 1.3.x can.
> Even when 1.3.x becomes GnuPG 1.4, though, the default will remain
> SHA-1.  People will need to explicitly set the digest to SHA-256 if
> they want to.

as long as most people are using DSA primary keys, most people will never 
generate a cert signature with anything but SHA-1.

while we're kind of on the topic, i noticed these things when signing keys 
with 1.3.6:

1) if i do explicitly set it to generate a cert with SHA-256, and i'm 
signing something with a DSA key, gpg will consider it a hard error and 
exit. would it make more sense to just issue a warning in that case? i'm 
not going to ask for a "cert-digest-preferences" option.

2) according to the 1.3.6 man page, "--ask-cert-level" should be on by 
default. that seems to be incorrect.


  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"Under this law (Controlled Substances Act) a bureaucrat -
 	 usually not elected - decides whether or not a substance
 	 is dangerous and how dangerous that substance is. There's
 	 no more messing around with legislatures, presidents, or
 	 other bothersome formalities. When MDMA (ecstasy) was made
 	 illegal in 1986, no elected official voted on that. It was
 	 done "in house." People are now in jail because they did
 	 something that an administrator declared was wrong."
 		-- Peter McWilliams,
 		"A Closer Look at the Consensual Crimes"
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures


More information about the Gnupg-devel mailing list