SHA1 broken?

Jason Harris jharris at widomaker.com
Wed Feb 16 21:05:07 CET 2005


On Wed, Feb 16, 2005 at 07:59:24PM +0100, Werner Koch wrote:

> Assuming that the SHA-1 collision calculation is similar to the MD5
> one, there is even no immediate danger due to the way the fingerprints
> are calculated: The first block used in the fingerprint calculation is
> more or less a constant and can't be changed to create a working faked
> key.

The key creation time can be varied at will, and, I presume, v4 RSA
key material can be too, a la v3 "vanity" keyids.  But, is duplicating
v4 key fingerprints a useful attack?

While two v4 keys with the same fingerprint could "steal" userid
certifications made by others, any signatures produced by the
colliding keys, including selfsigs on their userids, can _not_
be "stolen," TTBOMK.

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
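To make the point about the "first block" concrete, here is an added example (not part of the original post and not GnuPG code) that assembles a v4 RSA public-key packet body, hashes it the way RFC 4880 section 12.2 specifies for the fingerprint (0x99, two-octet length, body), and counts how many bytes of the first 64-byte SHA-1 block are fixed versus chosen at key generation (creation time and key material). The modulus is a constructed placeholder with the bit length of a 2048-bit key, not a real RSA key; the creation time is an arbitrary value.

```python
import hashlib
import struct

# Constructed placeholder: has the bit length of a 2048-bit RSA modulus but is
# NOT a real RSA key (assumption for illustration only).
FAKE_MODULUS = (1 << 2047) | 0x10001
RSA_E = 65537
BLOCK = 64  # SHA-1 compression-function block size in bytes


def mpi(n: int) -> bytes:
    """Encode a non-negative integer as an OpenPGP MPI (RFC 4880 3.2):
    two-octet bit count followed by the minimal big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def v4_rsa_pubkey_body(created: int, n: int, e: int) -> bytes:
    """Body of a version-4 public-key packet for RSA (algorithm id 1):
    version(1) || creation time(4) || algorithm(1) || MPI(n) || MPI(e)."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def fingerprint_input(body: bytes) -> bytes:
    """The exact octets hashed for a v4 fingerprint (RFC 4880 12.2):
    0x99, two-octet body length, then the packet body."""
    return b"\x99" + struct.pack(">H", len(body)) + body


def v4_fingerprint(body: bytes) -> bytes:
    """20-byte v4 fingerprint = SHA-1 over fingerprint_input(body)."""
    return hashlib.sha1(fingerprint_input(body)).digest()


def key_id(body: bytes) -> bytes:
    """A v4 key ID is the low-order 64 bits of the fingerprint."""
    return v4_fingerprint(body)[-8:]


def first_block_control(body: bytes) -> dict:
    """Classify the bytes of the first SHA-1 block of the fingerprint
    input as fixed (for a given key size and algorithm) or chosen at key
    generation (creation time, modulus bytes). Assumes the modulus is
    long enough that the first block is filled, i.e. at least 11 bytes
    of header precede the modulus and the block is 64 bytes."""
    data = fingerprint_input(body)
    first_len = min(BLOCK, len(data))
    # offsets: 0 tag, 1-2 length, 3 version, 4-7 creation time,
    #          8 algorithm, 9-10 bit count of n, 11.. leading bytes of n
    fixed = {0, 1, 2, 3, 8, 9, 10}
    variable = set(range(4, 8)) | set(range(11, first_len))
    return {"fixed": len(fixed), "variable": len(variable), "block": first_len}


if __name__ == "__main__":
    body = v4_rsa_pubkey_body(1108586400, FAKE_MODULUS, RSA_E)
    print("fingerprint:", v4_fingerprint(body).hex().upper())
    print("key id     :", key_id(body).hex().upper())
    print("first block:", first_block_control(body))
```

For a 2048-bit RSA key the first block holds 7 bytes that are fixed for that key size (tag, length, version, algorithm, MPI bit count) and 57 that the key generator chooses (4 bytes of creation time plus 53 leading bytes of the modulus), which is the basis for the observation above that the creation time and key material in the first block can be varied. Whether a collision attack can exploit that freedom is a separate question from whether the bytes are fixed.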