Weakness in SHA-1

vedaal at hush.com
Sun Sep 26 06:41:08 CEST 2004

Fri Sep 24 17:54:16 CEST 2004 David Shaw wrote:

]While this isn't a practical break of MD5, it is still prudent to stop
]using it.  In the context of OpenPGP, stopping using MD5 means
]stopping using v3 keys.  If we stop using MD5 today, we can gracefully
]migrate to something better.  If we wait until there IS a practical
]break, then we are forced into a frantic repair mode that can cause
]other harm.
]If there
]is a rational argument for starting a transition away from SHA-1, then
]we sure as heck should have been off MD5 for a long time now.

md5 is not necessary for signing with a v3 key,
and certainly not for encrypting

v3 keys can sign with 'any' hash,
but practically, for the purposes under discussion,
v3's can use sha256

dh/dsa cannot use anything higher than 160
(and, as i actually 'do' have a dh/dsa key, even if i don't use it much
;-) ,
i am just as concerned with the sha weakness for my dh/dsa key, 
as with md5 for my v3 key)
if dh/dsa can be modified to accept greater than 160 size and use sha
256, great,
if not,
then it might be prudent to look into a new hash design that would be
non md5/non sha-1 based
that would still allow dh/dsa signing at the 160 level

it is important to provide input into such a 'design contest' now,
that it provide backward compatibility, and allow for an sha 160 length
so that dh/dsa will still be used by those that prefer them,
when the attacks 'do' get better.

without such input,
the design contests may just take an easier way out by using a 'bigger'
hash, but not necessarily a more secure design,
and, even those candidates that do focus on the design, may want to present
the larger hash to make it the same as the competitors.

in the interests of compatibility,
it would be helpful if the respected people in gnupg and open-pgp
try to suggest that all entries for the hash be compatible with dh/dsa
160 length, 'before' any such contest begins.
