1.3.6 cert signatures

David Shaw dshaw at jabberwocky.com
Sun Jul 25 19:35:46 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Jul 25, 2004 at 02:24:41AM -0400, Atom 'Smasher' wrote:
> On Sun, 25 Jul 2004, David Shaw wrote:
> 
> > Incidentally, don't assume that because SHA-256 is larger than SHA-1
> > that it is stronger.  Remember the lesson of SHA-0.
> ================
> 
> very true. i have to admit that i was ASSuming that the difference in 
> strength between SHA-1 and SHA-256 is straightforward... but history may 
> prove otherwise.

Yes.  SHA-1 has been around and studied since 1995 - nearly 10 years.
SHA-256 has only been around since 2001.

> > Programs do not become obsolete overnight.  PGP 2.x is generally
> > considered obsolete, but that took *years* (and some people seem to
> > have missed the memo).  GnuPG doesn't even support generating SHA-256
> > signatures yet.  You are using a development build (or hacking 1.2.x)
> > to do it, so it's rather premature to claim that the actual released
> > version of GnuPG is now obsolete...
> ==================
> 
> i don't want to imply that the release branch is obsolete, or even lacking 
> anything for 99.99% of users... i'm well aware that i'm pushing things to 
> the limit.
> 
> i can't remember the last time i saw a 1.2.2 version header. (are GnuPG 
> users just more likely than PGP users to upgrade regularly?)

I'm not sure, but remember that 1.2.4 contained a security fix (the
Elgamal signing keys) that was announced pretty widely, and caused
various *nix distributions to issue neatly packaged updates.  After
that, I'm not surprised that most people who care at all about using
GnuPG upgraded.

I've noticed in the PGP world, the users who don't upgrade do tend to
upgrade within a particular series of PGP.  So PGP 6 people will use
the latest PGP 6, but not upgrade to PGP 7 or 8, etc.  This sort of
makes sense since each major release of PGP has had fairly different
characteristics (command line available or not, source code release or
not, and so on).

> i'm generating the SHA-256 certs with 1.3.x, and 1.2.4 seems to
> handle them fine. i have both versions installed on my desktop, and
> did enough testing between them that i'm happy with it.

The SHA-256 code is identical between the two.  The only difference is
that 1.2.4 has some extra code in the main program to prevent people
from making signatures with it (or 384/512).

Did you try the SHA-256 cert signatures with PGP 8?

> 1) if i do explicitly set it to generate a cert with SHA-256, and
> i'm signing something with a DSA key, gpg will consider it a hard
> error and exit. would it make more sense to just issue a warning in
> that case? i'm not going to ask for a "cert-digest-preferences"
> option.

No.  This is a hard error, since you asked GnuPG to do something that
is not possible (use a >160-bit hash with DSA).  A warning (and
presumably using SHA-1 as the hash) risks doing something the user did
not desire to happen.

> 2) according to the 1.3.6 man page, "--ask-cert-level" should be on by 
> default. that seems to be incorrect.

Yes.  That's a documentation error.  --ask-cert-level is off by
default.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6-cvs (GNU/Linux)

iGoEARECACoFAkED73EjGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2tleS5h
c2MACgkQ4mZch0nhy8ndHgCgyDV3EvvPSdu711G9ya2q9tPQuGgAn2LvPWlfPJzY
U2Sa3GJeqt8d4jrr
=seAe
-----END PGP SIGNATURE-----
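
The hard-error choice discussed in the reply above, as an added example that is not part of the original message and is not GnuPG code: it contrasts refusing an impossible digest/key combination with warning and falling back to SHA-1. All function names are hypothetical, and the 160-bit limit for DSA is the one stated in the message.

```python
import hashlib

# Assumption taken from the message: a DSA key cannot sign a digest
# longer than 160 bits.
DSA_MAX_DIGEST_BITS = 160


class DigestPolicyError(Exception):
    """The requested digest cannot be used with the signing key."""


def digest_bits(name):
    return hashlib.new(name).digest_size * 8


def usable(key_algo, digest):
    return key_algo != "DSA" or digest_bits(digest) <= DSA_MAX_DIGEST_BITS


def pick_strict(key_algo, requested):
    """Hard error: refuse rather than sign with a digest nobody asked for."""
    if not usable(key_algo, requested):
        raise DigestPolicyError(
            f"{requested} ({digest_bits(requested)} bits) cannot be used "
            f"with {key_algo}; limit is {DSA_MAX_DIGEST_BITS} bits")
    return requested


def pick_lenient(key_algo, requested, warnings):
    """Warn and continue with SHA-1: the behaviour the reply rejects."""
    if usable(key_algo, requested):
        return requested
    warnings.append(f"{requested} unusable with {key_algo}, using sha1")
    return "sha1"


def certify(key_algo, requested, data, strict=True, warnings=None):
    """Return (digest_name, hex_digest) that would be handed to the signer."""
    warnings = [] if warnings is None else warnings
    if strict:
        name = pick_strict(key_algo, requested)
    else:
        name = pick_lenient(key_algo, requested, warnings)
    return name, hashlib.new(name, data).hexdigest()


if __name__ == "__main__":
    uid = b"constructed user id <user@example.invalid>"  # constructed sample
    log = []
    print(certify("RSA", "sha256", uid))
    print(certify("DSA", "sha256", uid, strict=False, warnings=log), log)
```

In the lenient path the caller gets back a valid-looking result whose digest differs from the one requested, and the only trace is a warning that a script or batch job may never read.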


