SHA3 IANA registration - method?

Andrey Jivsov openpgp at
Fri Dec 14 19:32:58 CET 2012

On 12/14/2012 10:11 AM, Daniel Kahn Gillmor wrote:
> On 12/14/2012 12:55 PM, Andrey Jivsov wrote:
>> The use of fingerprints in OpenPGP
>> should be viewed as dependent on collision resistance of the hash
>> function,
> My recollection from the review and discussion i participated in was
> that the OpenPGP fingerprint's security was dependent on the preimage
> resistance of the hash function, not on the collision resistance.
> If that's correct, OpenPGP should be OK on the fingerprint for a while
> yet (modulo some organizations that just want to be rid of "old" digest
> algorithms without understanding the nuances in where they're used).
> Can you describe an attack that might show how weak collision resistance
> could compromise the fingerprint?

Here is one scenario.

I generate two keys A,B with the same fingerprint. I provide the key A 
to another party. Another party encrypts a message to me using this key.

At some later point that party deletes the key A, but diligently keeps 
the audit log that states that the fingerprint of the key A was used to 
encrypt a message to me. After all, the key was initially trusted by its 
fingerprint, so it seems OK to only save the fingerprint.

 From this point I can claim repudiation (aka an alibi), stating that 
the sender has never properly encrypted the message to me that I could 
have ever read. Here is my key (B) with the same fingerprint that 
matches the one that the server has but this key doesn't decrypt the 

More information about the Gnupg-devel mailing list