un-trusting MD5 in gpg

David Shaw dshaw at jabberwocky.com
Mon May 4 16:46:40 CEST 2009

On May 4, 2009, at 10:17 AM, Daniel Kahn Gillmor wrote:

> I'll give David's patch a try shortly, just to see how much of my
> OpenPGP-related workflow breaks.  I'll report back here with anything
> interesting that i find.
> Wouldn't it make more sense to return G10ERR_DIGEST_ALGO instead of
> G10ERR_BAD_SIGN, though?  libgpg-error suggests that it means "Invalid
> Digest Algorithm".  Any reason i shouldn't do that instead?

Either one is fine for the purpose of this test.  The goal is just to  
temporarily break MD5 to see what happens.  Almost any return code  
will do that.

> On 05/04/2009 04:09 AM, Werner Koch wrote:
>> What can be done is to print a warning (already on our task list)  
>> and to
>> implement an option to ignore signatures done with digest algorithm  
>> foo
>> (similar to --disable-cipher-also)
> Yes, something like --disable-digest-algo is the direction i think gpg
> should be heading.

--disable-digest-algo, if implemented the same way as --disable-cipher- 
algo, implies that the hash won't exist at all for that run.  That  
means it won't be present even for things like --print-md.  Is that  
the intention here?  I'm not against it, but I recall seeing a few  
people using "gpg --print-md md5" as an alternative to "md5sum".  We  
might want to do something more surgical and just block MD5  
verification for the OpenPGP operations (though completely removing  
the hash has the appeal of simplicity).


More information about the Gnupg-devel mailing list