un-trusting MD5 in gpg
dshaw at jabberwocky.com
Mon May 4 16:46:40 CEST 2009
On May 4, 2009, at 10:17 AM, Daniel Kahn Gillmor wrote:
> I'll give David's patch a try shortly, just to see how much of my
> OpenPGP-related workflow breaks. I'll report back here with anything
> interesting that i find.
> Wouldn't it make more sense to return G10ERR_DIGEST_ALGO instead of
> G10ERR_BAD_SIGN, though? libgpg-error suggests that it means "Invalid
> Digest Algorithm". Any reason i shouldn't do that instead?
Either one is fine for the purpose of this test. The goal is just to
temporarily break MD5 to see what happens. Almost any return code
will do that.
> On 05/04/2009 04:09 AM, Werner Koch wrote:
>> What can be done is to print a warning (already on our task list)
>> and to
>> implement an option to ignore signatures done with digest algorithm
>> (similar to --disable-cipher-also)
> Yes, something like --disable-digest-algo is the direction i think gpg
> should be heading.
--disable-digest-algo, if implemented the same way as --disable-cipher-
algo, implies that the hash won't exist at all for that run. That
means it won't be present even for things like --print-md. Is that
the intention here? I'm not against it, but I recall seeing a few
people using "gpg --print-md md5" as an alternative to "md5sum". We
might want to do something more surgical and just block MD5
verification for the OpenPGP operations (though completely removing
the hash has the appeal of simplicity).
More information about the Gnupg-devel