un-trusting MD5 in gpg
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue May 5 05:26:34 CEST 2009
On 05/04/2009 10:46 AM, David Shaw wrote:
> Either one is fine for the purpose of this test. The goal is just to
> temporarily break MD5 to see what happens. Almost any return code will
> do that.
OK, I'll make that change.
> --disable-digest-algo, if implemented the same way as
> --disable-cipher-algo, implies that the hash won't exist at all for that
> run. That means it won't be present even for things like --print-md.
> Is that the intention here?
Hrm. I've been considering Daniel Nagy's recent observation on
ietf-openpgp [0] that some uses of a digest algorithm within OpenPGP
(self-signatures, in particular) actually only rely on hash function
one-wayness, not collision-resistance.
It could be useful (though quite possibly "too configurable") to be able
to reject the use of a given digest under circumstances where
collision-resistance is needed (data signatures and non-self
certifications, for example), while permitting it under circumstances
where only one-wayness is needed (self-signatures). I have no idea how
to communicate this idea in anything resembling a sane UI or
configuration file that would be intelligible to normal users, though.
--dkg
[0] http://www.imc.org/ietf-openpgp/mail-archive/msg33252.html
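The per-context digest policy sketched in the message above, worked out as an added Python example (not code from dkg, the thread, or GnuPG; gpg implements no such split). Signature-type and hash-algorithm numbers are the RFC 4880 values; the Signature class, the function names, the COLLISION_BROKEN/FULLY_UNTRUSTED sets and the sample signatures are assumptions constructed for the illustration. It rejects a collision-broken digest such as MD5 only where the message says collision resistance is needed (data signatures, certifications over someone else's key) and tolerates it on self-signatures, where only one-wayness is needed.

```python
"""Context-dependent digest policy for OpenPGP signatures.

Added illustration of the idea in the message above; not GnuPG code.
Signature types and hash-algorithm IDs follow RFC 4880. The split between
"needs collision resistance" and "needs only one-wayness" is the
observation being discussed, not behaviour gpg actually implements.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# RFC 4880 section 9.4 hash algorithm IDs
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

# RFC 4880 section 5.2.1 signature types used below
SIG_BINARY = 0x00            # signature over a binary document
SIG_TEXT = 0x01              # signature over canonical text
SIG_CERT_GENERIC = 0x10      # user ID / key certifications 0x10..0x13
SIG_CERT_POSITIVE = 0x13
SIG_SUBKEY_BINDING = 0x18
SIG_PRIMARY_KEY_BINDING = 0x19
SIG_DIRECT_KEY = 0x1F

CERTIFICATION_TYPES = {0x10, 0x11, 0x12, 0x13}
KEY_BINDING_TYPES = {SIG_SUBKEY_BINDING, SIG_PRIMARY_KEY_BINDING, SIG_DIRECT_KEY}

# Hypothetical policy knobs (assumed, not gpg options):
# digests whose collision resistance is broken but whose one-wayness is not
COLLISION_BROKEN = {1}        # MD5, the case in this thread
# digests rejected in every context, like --disable-digest-algo would do
FULLY_UNTRUSTED = set()


@dataclass(frozen=True)
class Signature:
    sig_type: int
    hash_algo: int
    issuer_keyid: str                   # hex key ID of the signing key
    target_keyid: Optional[str] = None  # key the certification/binding is over; None for data sigs


def is_self_signature(sig: Signature) -> bool:
    """A certification or key-binding signature made by the key it covers."""
    if sig.sig_type in CERTIFICATION_TYPES or sig.sig_type in KEY_BINDING_TYPES:
        return (sig.target_keyid is not None
                and sig.target_keyid.upper() == sig.issuer_keyid.upper())
    return False


def needs_collision_resistance(sig: Signature) -> bool:
    """Self-signatures rely only on one-wayness; everything else (data
    signatures, certifications over other people's keys, and any type not
    classified here) is conservatively treated as needing collision resistance."""
    return not is_self_signature(sig)


def check_digest(sig: Signature) -> Tuple[bool, str]:
    """Return (accepted, reason) for the digest used by this signature."""
    name = HASH_NAMES.get(sig.hash_algo, "algo %d" % sig.hash_algo)
    if sig.hash_algo in FULLY_UNTRUSTED:
        return False, "%s is disabled for every use" % name
    if sig.hash_algo in COLLISION_BROKEN:
        if needs_collision_resistance(sig):
            return False, "%s lacks collision resistance, which this signature type requires" % name
        return True, "%s accepted: self-signature needs only one-wayness" % name
    return True, "%s accepted" % name


# Constructed sample signatures (key IDs are made up for the example)
OWNER = "0123456789ABCDEF"
OTHER = "FEDCBA9876543210"
SAMPLES = {
    "md5 self-cert":       Signature(SIG_CERT_POSITIVE, 1, OWNER, OWNER),
    "md5 subkey binding":  Signature(SIG_SUBKEY_BINDING, 1, OWNER, OWNER),
    "md5 third-party cert": Signature(SIG_CERT_GENERIC, 1, OTHER, OWNER),
    "md5 data signature":  Signature(SIG_BINARY, 1, OWNER),
    "sha256 data signature": Signature(SIG_BINARY, 8, OWNER),
}


def evaluate_samples() -> dict:
    """Run the policy over the constructed samples; name -> accepted."""
    return {name: check_digest(sig)[0] for name, sig in SAMPLES.items()}


if __name__ == "__main__":
    for name, sig in SAMPLES.items():
        accepted, reason = check_digest(sig)
        print("%-22s %s  (%s)" % (name, "ACCEPT" if accepted else "REJECT", reason))
```

The conservative default matters: any signature type the classifier does not recognise as a self-signature falls into the "needs collision resistance" bucket, so a mistake in the table fails closed. Adding MD5 to FULLY_UNTRUSTED reproduces the blanket behaviour David Shaw describes for --disable-digest-algo, where the hash is unavailable in every context.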