please change the default hashing algorithm

Andrew Clausen andrew.p.clausen at gmail.com
Tue Jul 14 21:13:20 CEST 2015


Excerpts from Ben McGinnes's message of 2015-07-14 19:47:07 +0100:
> > It's kind of you to offer your help, but my email wasn't a request for support.
> > I was requesting that GPG be modified so that it doesn't use insecure hashing
> > algorithms by default.  It seems that "modern" GPG does this, but not "classic"
> > GPG, which I believe is more popular.
> 
> Ah, classic, if the concern pertains to the majority of end users that
> will be effectively neutralised when the switch to ECC forces them off
> classic and onto modern.

I worry that this might still be some time away.  My main concern is
with signing messages and files, not signing keys.  For example,
Ubuntu 14.04 LTS packages are signed with SHA-1 hashes.  (Their newer
more experimental releases are using SHA-256, IIRC.)

Aside: many people are rightly nervous about switching to elliptic
curves.  The maths is harder to understand, the most popular curves
have vulnerabilities (possibly by design!), and safe curves were only
developed quite recently.  (See http://safecurves.cr.yp.to/)  Of
course, the switch will happen, but it might be slow.  Perhaps GPG
could give users better guidance that they ought to be using Curve
25519 rather than the vulnerable NIST or brainpool curves.  (I'm
looking at https://www.gnupg.org/faq/whats-new-in-2.1.html#ecc, which
might be out of date.)

> Changing the default preferences can probably be done, but I'll wait
> for Werner to return from his holiday and comment on that.  Also,
> there may be an additional complication with regards to the digest
> used with the self-signature packet during key creation.  I just
> double-checked another key I made earlier this year which definitely
> had SHA512 as the preferred first choice hash in gpg.conf during key
> creation and it still has SHA1 in the self signatures.  It was also
> generated with classic due to the key size (I was doing silly things
> to prove a point elsewhere).

This would be great, thanks!

Kind regards,
Andrew
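
An added example, not part of the original message or of GnuPG: a Python check that reports which digest algorithm each OpenPGP signature packet declares, the property at issue above for SHA-1-signed files and self-signatures. Packet framing and algorithm IDs follow RFC 4880; the function names and the sample bytes are constructed for illustration.

```python
# Added example. Packet framing and algorithm IDs follow RFC 4880.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1"}

def read_packet(data, pos):
    """Return (tag, body, next_pos) for the packet starting at data[pos]."""
    hdr = data[pos]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    pos += 1
    if hdr & 0x40:  # new-format header
        tag, first = hdr & 0x3F, data[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 224:
            length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
        elif first == 255:
            length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
        else:
            raise ValueError("partial body lengths are not supported here")
    else:  # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate lengths are not supported here")
        nbytes = 1 << ltype  # 1, 2 or 4 length octets
        length, pos = int.from_bytes(data[pos:pos + nbytes], "big"), pos + nbytes
    if pos + length > len(data):
        raise ValueError("truncated packet")
    return tag, data[pos:pos + length], pos + length

def signature_digests(data):
    """Digest name of every signature packet (tag 2) found in binary data."""
    names, pos = [], 0
    while pos < len(data):
        tag, body, pos = read_packet(data, pos)
        if tag != 2:
            continue
        if body[0] not in (2, 3, 4):
            raise ValueError("unsupported signature version %d" % body[0])
        # v4: version, sig type, pubkey algo, hash algo. v2/v3: hash at offset 16.
        algo = body[3] if body[0] == 4 else body[16]
        names.append(HASH_NAMES.get(algo, "unknown(%d)" % algo))
    return names

def weak_digests(data):
    """Subset of signature_digests() that uses MD5 or SHA-1."""
    return [n for n in signature_digests(data) if n in WEAK]

# Constructed sample: two header-only v4 signature packets and a user ID packet.
SAMPLE = (bytes([0x88, 10, 4, 0x00, 1, 2]) + bytes(6)      # old format, SHA1
          + bytes([0xCD, 3]) + b"abc"                       # tag 13, skipped
          + bytes([0xC2, 10, 4, 0x00, 1, 8]) + bytes(6))   # new format, SHA256
```

The functions expect binary packets; an ASCII-armored signature has to be converted first, for example with `gpg --dearmor`.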




More information about the Gnupg-devel mailing list