Confusion with signature digest type.
Robert J. Hansen
rjh at sixdemonbag.org
Sun Apr 28 10:26:03 CEST 2013
On 4/27/2013 8:01 PM, Daniel Kahn Gillmor wrote:
> I don't think this recommendation was made to defend against preimage
> attacks. Avoiding the use of SHA-1 in certifications in general is a
> step towards defending against collision attacks, which is territory that
> SHA-1 is heading into. (I agree that if SHA-1 falls victim to preimage
> attacks we have much much bigger problems).
I'm having a little bit of trouble connecting the dots, Daniel. (This
may be due to the late hour: at 4:30am I'm only awake due to a caffeine IV.)
If I sign my certificate using SHA-1 today, how does that facilitate a
collision attack against that certification? Collision attacks on SHA-1
seem to be more in the realm of message signatures and automated systems
that may generate a ton of signatures on user-provided data without
human intervention. It doesn't seem to be particularly relevant to the
case of a certificate signature: it seems as if to attack that you'd
have to move from generating random collisions into preimage attacks.
It is, of course, quite possible that I'm tired and missing something.