sha1 hash using libgcrypt different from what returns sha1sum
Werner Koch
wk at gnupg.org
Tue Nov 12 18:34:24 CET 2013
On Tue, 12 Nov 2013 00:44, yumkam at gmail.com said:
> I strongly believe this is a bug, I have not found any such behavior in standard
You are right. This is a limitation of the code which was never hit in
practice until now - at least I hope so. The more disturbing fact is
that this also affects GPG encrypted files: SHA-1 is used for an MDC to
protect the encrypted messages. If both parties use GPG, this won't be
a problem but it is not standard compliant.
Now, what shall we do with GPG?
- Fix the code and hope that no encrypted files larger than 256GB need
decryption?
- Fix and print a warning for an MDC mismatch in case the file is too
long.
- Fix and add an option to use the unfixed SHA-1 code? Takes a lot of
time for processing.
Anyone tested this with PGP?
> There is exactly the same bug with sha256 and md5 implementations (but, curiously,
> there is *no* similar problem in sha512).
SHA-512 uses a 64 bit type for the counter because its implementation
requires a 64 bit type anyway.
Salam-Shalom,
Werner
p.s.
Funny that Libgcrypt passes the FIPS validation.
--
Thoughts are free. Exceptions are regulated by a federal law.
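
The 256GB limit discussed in this message, as an added example (not part of the original e-mail and not Libgcrypt's code). It assumes the affected hashes count processed 64-byte blocks in a 32-bit variable, which is what the 256GB figure and the remark about SHA-512's 64-bit counter imply; the function names are hypothetical. It computes only the bit-length field that goes into the final padding block, so no large input is needed to see where the two counters diverge.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK_BYTES 64u /* SHA-1, SHA-256 and MD5 all process 64-byte blocks */

/* Bit length placed in the final padding block when the number of processed
 * blocks is kept in a 32-bit variable (assumed layout of the unfixed code). */
uint64_t bitlen_counter32(uint64_t total_bytes)
{
    uint32_t nblocks = (uint32_t)(total_bytes / BLOCK_BYTES); /* wraps at 2^32 blocks */
    uint32_t count = (uint32_t)(total_bytes % BLOCK_BYTES);   /* bytes still buffered */
    return ((uint64_t)nblocks * BLOCK_BYTES + count) * 8;
}

/* Same field with a 64-bit block counter: the message length in bits, as the
 * hash specifications define it. */
uint64_t bitlen_counter64(uint64_t total_bytes)
{
    uint64_t nblocks = total_bytes / BLOCK_BYTES;
    uint64_t count = total_bytes % BLOCK_BYTES;
    return (nblocks * BLOCK_BYTES + count) * 8;
}

/* Smallest message size at which the 32-bit counter wraps: 2^32 * 64 bytes. */
uint64_t wrap_threshold_bytes(void)
{
    return ((uint64_t)1 << 32) * BLOCK_BYTES;
}

/* Returns 1 when both counters yield the same length field, i.e. when the
 * digest would still agree with a compliant implementation such as sha1sum. */
int length_field_matches(uint64_t total_bytes)
{
    return bitlen_counter32(total_bytes) == bitlen_counter64(total_bytes);
}

int main(void)
{
    /* Constructed sample sizes around the 256 GiB boundary. */
    uint64_t t = wrap_threshold_bytes();
    uint64_t sizes[] = { 3, t - 1, t, t + 5 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%llu bytes: 32-bit=%llu 64-bit=%llu %s\n",
               (unsigned long long)sizes[i],
               (unsigned long long)bitlen_counter32(sizes[i]),
               (unsigned long long)bitlen_counter64(sizes[i]),
               length_field_matches(sizes[i]) ? "match" : "MISMATCH");
    return 0;
}
```

Because the length field is itself hashed in the last block, a mismatch here changes the whole digest. Two implementations that share the same wrapped counter still agree with each other, which is why the message expects no problem when both parties use GPG.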