Robert J. Hansen rjh at
Mon Jun 25 17:56:03 CEST 2012

On 06/25/2012 10:18 AM, Johan Wevers wrote:
> That depends on your threat model. If signing messages is not so 
> important to you but encrypting is, this advice is understandable.
> So let MD5 be broken, it matters not for encryption.

If MD5 signatures can be forged (and news reports strongly indicate they
can be), that means the self-signature on certificates is now
susceptible to forgery.

> This suggests a threat model where your opponent has almost
> Stuxnet-like capabilities.

It may make sense to talk about specific things we've discovered about
those two pieces of work (Flame being the other), but let's be careful
using them as adjectives.  We genuinely don't know enough about them: it
will take the public antivirus community years to discover exactly what
and how they do what they do.

> Since the PGP 2 days we get warnings about adapted compilers, but
> I've never seen something like that surfacing.

	"Lieutenant, when you see Indians, be careful.  When
	 you don't see Indians, be more careful."

				-- _Ride Ranger Ride_, a 1936
				   Gene Autry film

Competent malware hides better than Lamont Cranston.

More information about the Gnupg-users mailing list