howto secure older keys after the recent attacks

Philippe Cerfon philcerf at
Fri Sep 11 01:19:30 CEST 2009

On Fri, Sep 11, 2009 at 12:39 AM, Robert J. Hansen <rjh at> wrote:
> That's three examples of things that will unexpectedly break if SHA-1
> falls.  A complete laundry list would go for pages and pages and pages.
>  I'd suggest reading comp.risks; they might have something on point.

Thanks... got what you meant :-)

>> But attackers could still attack older data, that they intercepted, right?
> Imagine that in 2010, the OpenPGP Working Group publishes a new key
> specification.  v5 keys use SHA256, not SHA1.  I revoke my current key
> and migrate to a new v5 key.

> In 2015, the SHA-1 attack becomes practical.  Someone goes back to my
> old messages and lifts a signature off something I've written.  They
> construct a new message that hashes out the same as my old message, and
> put my old signature on a new message.  "Look, look!  He signed a
> message in 2009 claiming that he'd pay me $1 million in 2015!  Pay up,
> Mr. Hansen!"
> No one would take such a forgery seriously.

Ah, I see...
And encryption does not suffer from hash algorithm weaknesses anyway, does it?
I mean, there it wouldn't help to revoke my key... (given the fact
that one has such long-term secrets).