A coming attack on PGP, and a way to mitigate it

Daniel Franke df at dfranke.us
Mon May 4 05:13:35 CEST 2009

David Shaw <dshaw at jabberwocky.com> writes:

> I rather like this idea.  I was thinking that a good way to tie it
> into the GPG way of doing things would be another one of the %- 
> expandos.  So you could do something like set a notation for
> "random at example.com
> =%10r" for 10 digits of random hex, %15r for 15 digits, etc.
> Before we go down this road, however, it might be worth waiting the
> (should be short) period of time before the new SHA-1 paper is
> formally published and people can give it a good read over.  The
> slides are good, but I think it's healthy to get a better notion of
> the attack before we implement a countermeasure (even one as harmless
> to compatibility as this).

I wrote a followup last night retracting this idea, as it isn't quite
going to work.  For some reason though, it never got redelivered back
to me even though it's in the ML archive:


Did you receive it but overlook it before writing this response, or
did it get dropped?

Leaving this message unsigned in case the signature has something
to do with screwing up delivery.

 Daniel Franke         df at dfranke.us         http://www.dfranke.us
 |----| =|\     \\\\    
 || * | -|-\---------   Man is free at the instant he wants to be. 
 -----| =|  \   ///     --Voltaire

More information about the Gnupg-devel mailing list