Confusion with signature digest type.

Robert J. Hansen rjh at
Sun Apr 28 10:26:03 CEST 2013

On 4/27/2013 8:01 PM, Daniel Kahn Gillmor wrote:
> I don't think this recommendation was made to defend against preimage
> attacks.  Avoiding the use of SHA-1 in certifications in general is a
> step towards defend against collision attacks, which is territory that
> SHA-1 is heading into.  (i agree that if sha-1 falls victim to preimage
> attacks we have much much bigger problems).

I'm having a little bit of trouble connecting the dots, Daniel.  (This
may be due to the late hour: at 4:30am I'm only awake due to a caffeine IV.)

If I sign my certificate using SHA-1 today, how does that facilitate a
collision attack against that certification?  Collision attacks on SHA-1
seem to be more in the realm of message signatures and automated systems
that may generate a ton of signatures on user-provided data without
human intervention.  It doesn't seem to be particularly relevant to the
case of a certificate signature: it seems as if to attack that you'd
have to move from generating random collisions into preimage attacks.

It is, of course, quite possible that I'm tired and missing something
important.  :)

More information about the Gnupg-users mailing list