The two V3 attacks

Werner Koch wk at gnupg.org
Mon Jun 25 11:17:45 CEST 2012


On Mon, 25 Jun 2012 09:32, guninski at guninski.com said:

> You *knowingly* distribute vulnerable warez for a long time?

Do you mean the v5 format or the use of MD5 (ie. PGP2 compatible v3
keys).

The v5 format will allow to migrate from a SHA-1 fingerprint to a
SHA-{2,3} fingerprint.  It will take many years but there is likely
enough time left.  We currently don't expect to see a SHA-1 second
pre-image any time soon.  Collision attacks on the fingerprint
might have some bad consequences but they won't lower the security
of the signatures.  New keys use SHA-2 for signatures - this is in
contrast to PGP2 which uses MD5 for everything.

Waiting for the outcome of the SHA-3 competition is just the Right Thing
to do given that there are no SHA-1 attacks on the horizon.

Regarding the v3 format: Well, I'd love to drop it and actually we now
agreed to implement that as the default - along with an option to revert
this default.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
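As an added illustration of the v3/v4 distinction discussed above (example code, not from the thread or from GnuPG): a v3 (PGP 2 compatible) fingerprint is an MD5 hash over the bare RSA modulus and exponent, while a v4 fingerprint is SHA-1 over the whole public-key packet, so a keyring audit can flag keys whose identity still rests on MD5. The key material and creation times below are constructed, not a real key.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    body = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return struct.pack(">H", value.bit_length()) + body

def read_mpi(buf: bytes, off: int):
    """Decode the MPI at offset; return (its bytes without the length prefix, next offset)."""
    bits = struct.unpack(">H", buf[off:off + 2])[0]
    end = off + 2 + (bits + 7) // 8
    return buf[off + 2:end], end

def fingerprint(body: bytes) -> dict:
    """Parse an RSA public-key packet body (v3 or v4) and compute its fingerprint.
    v3 (PGP 2 compatible) hashes only the bare MPI bodies of n and e with MD5;
    v4 hashes 0x99 || 2-byte length || the whole packet body with SHA-1."""
    version = body[0]
    if version == 4:
        alg, off = body[5], 6          # version, 4-byte creation time, algorithm
    elif version in (2, 3):
        alg, off = body[7], 8          # plus a 2-byte validity period before algorithm
    else:
        raise ValueError(f"unsupported key packet version {version}")
    if alg != 1:                        # 1 = RSA (Encrypt or Sign)
        raise ValueError(f"example handles RSA only, got algorithm {alg}")
    n, off = read_mpi(body, off)
    e, _ = read_mpi(body, off)
    if version == 4:
        fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()
        keyid = fpr[-16:]               # v4 key ID: low 64 bits of the fingerprint
    else:
        fpr = hashlib.md5(n + e).hexdigest()
        keyid = n[-8:].hex()            # v3 key ID: low 64 bits of the modulus itself
    return {"version": version, "fingerprint": fpr, "keyid": keyid, "legacy": version < 4}

# Constructed sample key material (NOT a real key): a short modulus and e = 65537.
N = 0xC0FFEE1234567890ABCDEF0011223344556677889900AABBCCDDEEFF
E = 65537
T1 = struct.pack(">I", 1340614665)      # constructed creation time
T2 = struct.pack(">I", 1340701065)      # same key material, different creation time
V4_BODY = b"\x04" + T1 + b"\x01" + mpi(N) + mpi(E)
V3_BODY = b"\x03" + T1 + b"\x00\x00" + b"\x01" + mpi(N) + mpi(E)
V3_BODY_RETIMED = b"\x03" + T2 + b"\x00\x00" + b"\x01" + mpi(N) + mpi(E)
V4_BODY_RETIMED = b"\x04" + T2 + b"\x01" + mpi(N) + mpi(E)

def legacy_keys(bodies):
    """Return the versions of the keys whose fingerprint is still MD5-based."""
    return [fingerprint(b)["version"] for b in bodies if fingerprint(b)["legacy"]]
```

Because the v3 fingerprint never covers the creation time, two v3 packets with the same n and e share one fingerprint, whereas the v4 fingerprint changes with any byte of the packet.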