why is SHA1 used? How do I get SHA256 to be used?
Hauke Laging
mailinglisten at hauke-laging.de
Thu Jul 12 14:05:30 CEST 2012
On Wed 11.07.2012, 22:10:11, Daniel Kahn Gillmor wrote:
> If the attacker can convince you to sign a chosen text (perhaps one that
> looks reasonable), then a failure in the digest's collision-resistance
> could very well be used to replay that signature over a different (but
> colliding) text (which may not be something reasonable). This does not
> require a preimage collision.
But that is a problem only in the case that a collision algorithm is capable
of creating (mostly – some "random" data may be hidden in comments) useful
data, isn't it?
I am not familiar with the collision algorithms. Is all the effort useless if
the reasonable document is slightly changed? I guess so. Does it make sense to
require every document one is to sign to be slightly changed (even if it's
just a "typo", but this change would have to be determined by oneself, not by
the other party) before signing?
> I'm not saying these attacks exist practically today against SHA1 (i
> don't know if they do), but collision-resistance is the relevant
> property, not resistance to pre-image attacks.
But the problem of collision-resistance can be addressed organizationally;
pre-image attacks cannot.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
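The distinction discussed in this message, as an added toy model (not GnuPG code and not from the thread): the signature covers only the digest, so two documents with the same digest share one valid signature, and a signer-chosen change made just before signing breaks a pair the other party prepared in advance. The digest is SHA-1 truncated to 32 bits purely so the birthday search runs in under a second; the key, texts and comment-line format are constructed.

```python
# Toy model of the collision-vs-preimage point (constructed example, not
# GnuPG code): SHA-1 is truncated to 32 bits so a birthday search finishes
# in well under a second; a real SHA-1 collision costs around 2^61 work.
import hashlib
import hmac

SIGNING_KEY = b"signer-secret"  # constructed stand-in for a private key

def toy_digest(msg: bytes) -> bytes:
    """Deliberately weakened hash: first 4 bytes of SHA-1."""
    return hashlib.sha1(msg).digest()[:4]

def sign(msg: bytes) -> bytes:
    """As in OpenPGP, the signature covers only the digest, not the text."""
    return hmac.new(SIGNING_KEY, toy_digest(msg), "sha256").digest()

def verify(msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(msg), sig)

def find_colliding_pair(benign: bytes, malicious: bytes, budget: int = 1 << 16):
    """Birthday search: vary bytes hidden in a comment line of each text
    until two different documents share a digest (the 'random data in
    comments' case mentioned above)."""
    table = {}
    for i in range(budget):
        doc = benign + b"\n# " + i.to_bytes(4, "big").hex().encode()
        table.setdefault(toy_digest(doc), doc)
    i = 0
    while True:
        doc = malicious + b"\n# " + i.to_bytes(4, "big").hex().encode()
        hit = table.get(toy_digest(doc))
        if hit is not None:
            return hit, doc
        i += 1

def signer_tweak(doc: bytes, tweak: bytes) -> bytes:
    """Signer-chosen change made before signing (the 'typo' idea above);
    it only helps if the other party cannot predict it."""
    return doc + b"\n" + tweak

def demo() -> tuple:
    a, b = find_colliding_pair(b"I owe Alice 10 EUR.", b"I owe Alice 10000 EUR.")
    sig = sign(a)               # signer signs the benign-looking text
    replayed = verify(b, sig)   # True: same digest, so the signature replays
    a2, b2 = signer_tweak(a, b"v2"), signer_tweak(b, b"v2")
    sig2 = sign(a2)             # the tweak breaks the prepared collision
    return replayed, verify(b2, sig2)

if __name__ == "__main__":
    print(demo())
```

Note that the tweak only defeats a pair prepared before signing; it does nothing against a second-preimage attack, which is the point made in the last paragraph.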