why is SHA1 used? How do I get SHA256 to be used?

Robert J. Hansen rjh at sixdemonbag.org
Wed Jul 11 02:27:54 CEST 2012


On 7/10/2012 8:15 PM, Robert J. Hansen wrote:
> Then you need to stop using OpenPGP altogether, because you're already
> generating SHA-1 signatures with your certificate which can be lifted
> and dropped onto new messages if/when a preimage attack is introduced
> against SHA-1.

After re-reading this, I need to back off from this paragraph a bit.  I
apologize -- I've been up for almost 24 hours now and my thinking is a
bit hazy.  I know SHA-1 is hardwired into the spec, but without going to
the spec and reading it closely I'm not 100% certain that SHA-1
*signatures* are hardwired into the spec, and frankly I'm too tired to
do a detailed read of RFC4880 right now.

My apologies.

The general point remains, though, that if you believe SHA-1 is insecure
then you need to stop using OpenPGP.  A preimage collision against SHA-1
breaks OpenPGP into a lot of tiny little pieces.  Little kids might
still find those pieces useful for gluing to paper plates and giving to
their parents to hang on refrigerators, but for the rest of us we're
unlikely to have any further uses.  :)
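The claim in this message that a preimage attack on SHA-1 would let existing signatures be "lifted and dropped onto new messages" follows from how hash-then-sign schemes work: the signature covers only the digest, so any second message with the same digest carries the signature along with it. The following script is an added illustration, not part of the original post or of GnuPG. It uses a constructed toy hash (SHA-256 truncated to 16 bits, labelled `weak_hash`) to stand in for a broken hash, and an HMAC over the digest as a stand-in for the asymmetric signature primitive OpenPGP actually uses; the message strings and the key are constructed sample values. It shows that a second preimage against the weak hash transfers a signature unchanged to a different message, while the same search fails against the full-strength hash.

```python
import hashlib
import hmac

# Constructed toy: SHA-256 truncated to 16 bits models a broken hash for
# which a second preimage is cheap to find. It is not SHA-1 and is only
# here so the effect can be demonstrated in a few seconds.
WEAK_DIGEST_BYTES = 2


def weak_hash(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()[:WEAK_DIGEST_BYTES]


def strong_hash(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


# Stand-in for the signature primitive: an HMAC over the digest with a
# secret key. Real OpenPGP signs the digest with RSA/DSA/ECDSA, but the
# property demonstrated here is the same: the signature binds to the
# digest, not to the message bytes themselves.
def sign(key: bytes, message: bytes, hash_fn) -> bytes:
    return hmac.new(key, hash_fn(message), hashlib.sha256).digest()


def verify(key: bytes, message: bytes, signature: bytes, hash_fn) -> bool:
    expected = sign(key, message, hash_fn)
    return hmac.compare_digest(expected, signature)


def find_second_preimage(target_digest: bytes, prefix: bytes, hash_fn, limit: int):
    """Search for a message starting with `prefix` whose digest under
    hash_fn equals target_digest. Brute force, so it only succeeds
    against the toy weak hash; returns None if nothing is found."""
    for i in range(limit):
        candidate = prefix + b" (variant %d)" % i
        if hash_fn(candidate) == target_digest:
            return candidate
    return None


def demo(hash_fn, limit: int = 1 << 22) -> dict:
    """Sign message A once, then look for a different message B with the
    same digest and check whether A's signature verifies on B."""
    key = b"constructed-signing-key"          # constructed sample key
    message_a = b"Message A: signed by the key holder"
    message_b_prefix = b"Message B: never signed by anyone"

    sig = sign(key, message_a, hash_fn)
    assert verify(key, message_a, sig, hash_fn)  # sanity check on A

    message_b = find_second_preimage(hash_fn(message_a), message_b_prefix,
                                     hash_fn, limit)
    if message_b is None:
        return {"found": False, "transplant_verifies": False}
    # No new signature is computed: the original one is reused on B.
    return {"found": True,
            "transplant_verifies": verify(key, message_b, sig, hash_fn)}


if __name__ == "__main__":
    print("weak hash  :", demo(weak_hash))
    print("strong hash:", demo(strong_hash, limit=1 << 16))
```

With the 16-bit toy hash the search typically succeeds after tens of thousands of candidates and the original signature verifies on the unrelated message; with full SHA-256 the same search exhausts its budget without a hit. The defensive point is the one the message makes: the strength of a hash-then-sign scheme is capped by the second-preimage resistance of the hash, independent of the signing key's size.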
