Confusion with signature digest type.
Robert J. Hansen
rjh at sixdemonbag.org
Sun Apr 28 10:26:03 CEST 2013
On 4/27/2013 8:01 PM, Daniel Kahn Gillmor wrote:
> I don't think this recommendation was made to defend against preimage
> attacks. Avoiding the use of SHA-1 in certifications in general is a
> step towards defending against collision attacks, which is territory that
> SHA-1 is heading into. (i agree that if sha-1 falls victim to preimage
> attacks we have much much bigger problems).
I'm having a little bit of trouble connecting the dots, Daniel. (This
may be due to the late hour: at 4:30am I'm only awake due to a caffeine IV.)
If I sign my certificate using SHA-1 today, how does that facilitate a
collision attack against that certification? Collision attacks on SHA-1
seem to be more in the realm of message signatures and automated systems
that may generate a ton of signatures on user-provided data without
human intervention. It doesn't seem to be particularly relevant to the
case of a certificate signature: it seems as if to attack that you'd
have to move from generating random collisions into preimage attacks.
It is, of course, quite possible that I'm tired and missing something
important. :)
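An added example, not from this thread or from GnuPG: a small Python parser that reports which digest each signature packet in an exported key was made with, so you can check whether a key's own certifications still use SHA-1. It assumes binary (not ASCII-armored) packet input such as the output of `gpg --export`, follows the packet and signature layouts from RFC 4880, and the sample packets are constructed, not real signatures.

```python
from typing import List, Tuple
# RFC 4880 section 9.4 hash algorithm identifiers.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
              10: "SHA512", 11: "SHA224"}
CERTIFICATION_TYPES = range(0x10, 0x14)  # RFC 4880 5.2.1: 0x10-0x13 certify a User ID
def _read_packet(data: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Parse one packet header at pos; return (tag, body, offset of next packet)."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError(f"not an OpenPGP packet header at offset {pos}")
    if ctb & 0x40:  # new-format header (RFC 4880 4.2.2)
        tag, b = ctb & 0x3F, data[pos + 1]
        if b < 192:
            length, hdr = b, 2
        elif b < 224:
            length, hdr = ((b - 192) << 8) + data[pos + 2] + 192, 3
        elif b == 255:
            length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
        else:
            raise ValueError("partial body lengths are not supported")
    else:  # old-format header (RFC 4880 4.2.1)
        tag, lentype = (ctb >> 2) & 0x0F, ctb & 0x03
        if lentype == 3:
            raise ValueError("indeterminate packet length is not supported")
        hdr = 1 + (1, 2, 4)[lentype]
        length = int.from_bytes(data[pos + 1:pos + hdr], "big")
    return tag, data[pos + hdr:pos + hdr + length], pos + hdr + length
def signature_digests(data: bytes) -> List[Tuple[int, str]]:
    """(signature type, hash algorithm name) for every signature packet (tag 2)."""
    out, pos = [], 0
    while pos < len(data):
        tag, body, pos = _read_packet(data, pos)
        if tag != 2:
            continue
        if body[0] == 4:    # v4: version, sig type, pubkey algo, hash algo, ...
            sig_type, hash_id = body[1], body[3]
        elif body[0] == 3:  # v3: version, 5, sig type, time(4), key id(8), pk algo, hash algo
            sig_type, hash_id = body[2], body[16]
        else:
            raise ValueError(f"unsupported signature version {body[0]}")
        out.append((sig_type, HASH_NAMES.get(hash_id, f"hash id {hash_id}")))
    return out
def sha1_certifications(data: bytes) -> List[int]:
    """Signature types of certification signatures (0x10-0x13) that were made with SHA-1."""
    return [t for t, h in signature_digests(data) if t in CERTIFICATION_TYPES and h == "SHA1"]
# Constructed sample, not real signatures: a new-format v4 positive certification (0x13)
# over SHA-1, then an old-format v4 binary-document signature (0x00) over SHA-256.
SAMPLE = (bytes([0xC2, 8, 4, 0x13, 1, 2, 0, 0, 0, 0])
          + bytes([0x88, 8, 4, 0x00, 1, 8, 0, 0, 0, 0]))
```

Running `sha1_certifications` over a real `gpg --export` blob lists the certification types still bound to SHA-1 on that key; an empty list means none were found.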