howto secure older keys after the recent attacks
Philippe Cerfon
philcerf at googlemail.com
Fri Sep 11 01:19:30 CEST 2009
On Fri, Sep 11, 2009 at 12:39 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
> That's three examples of things that will unexpectedly break if SHA-1
> falls. A complete laundry list would go for pages and pages and pages.
> I'd suggest reading comp.risks; they might have something on point.
Thanks,.. got what you meant :-)
>> But attackers could still attack older data, that they intercepted, right?
> Imagine that in 2010, the OpenPGP Working Group publishes a new key
> specification. v5 keys use SHA256, not SHA1. I revoke my current key
> and migrate to a new v5 key.
> In 2015, the SHA-1 attack becomes practical. Someone goes back to my
> old messages and lifts a signature off something I've written. They
> construct a new message that hashes out the same as my old message, and
> put my old signature on a new message. "Look, look! He signed a
> message in 2009 claiming that he'd pay me $1 million in 2015! Pay up,
> Mr. Hansen!"
>
> No one would take such a forgery seriously.
Ah I see,...
And encryption does not suffer from hash algorithm weaknesses anyway, does it?
I mean there it wouldn't help to revoke my key,... (given the fact
that one has such long term secrets).
Cheers,
Philippe.
More information about the Gnupg-users
mailing list