un-trusting MD5 in gpg

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue May 5 05:26:34 CEST 2009


On 05/04/2009 10:46 AM, David Shaw wrote:
> Either one is fine for the purpose of this test.  The goal is just to
> temporarily break MD5 to see what happens.  Almost any return code will
> do that.

OK, i'll make that change.

> --disable-digest-algo, if implemented the same way as
> --disable-cipher-algo, implies that the hash won't exist at all for that
> run.  That means it won't be present even for things like --print-md. 
> Is that the intention here?

Hrm.  i've been considering Daniel Nagy's recent observation on
ietf-openpgp [0] that some uses of a digest algorithm within OpenPGP
(self-signatures, in particular) actually only rely on hash function
one-wayness, not collision-resistance.

It could be useful (though quite possibly "too configurable") to be able
to reject the use of a given digest under circumstances where
collision-resistance is needed (data signatures and non-self
certifications, for example), while permitting it under circumstances
where only one-wayness is needed (self-signatures).  I have no idea how
to communicate this idea in anything resembling a sane UI or
configuration file that would be intelligible to normal users, though.

	--dkg

[0] http://www.imc.org/ietf-openpgp/mail-archive/msg33252.html


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090504/4d5908a7/attachment-0001.pgp>


More information about the Gnupg-devel mailing list