un-trusting MD5 in gpg

David Shaw dshaw at jabberwocky.com
Mon May 4 13:16:34 CEST 2009

On May 4, 2009, at 4:09 AM, Werner Koch wrote:

> On Mon,  4 May 2009 04:44, dshaw at jabberwocky.com said:
>> +    if(sig->digest_algo==DIGEST_ALGO_MD5)
>> +      return G10ERR_BAD_SIGN;
> I don't think that this is helpful.  It catches one common case but  
> does
> not catch all the other cases where a signature is used for a  
> malicious
> purpose.  There are many other ways of doing so, for example leaking
> ones own key.  A signature is a statement of the signer about  
> something
> he believes.  We can't force him to believe the Right Thing.

Certainly not.  That code is just a hack for Daniel Gillmor to see how  
feasible it is in practice to run without MD5.  It is not at all a  
rigorous solution to the problem.  It's also not at all something  
appropriate to include in GPG without quite a bit of other work (it  
breaks half the selftests, causes --print-mds to hit a BUG() case, etc).


More information about the Gnupg-devel mailing list