Debian crypto strength

Henry Hertz Hobbit hhhobbit at securemecca.net
Thu Jun 27 15:06:42 CEST 2013


On 06/27/2013 09:24 AM, Daniel Pocock wrote:
> 
> Some of the discussion in this bug seems relevant to the GnuPG and
> GnuPG2 packages in Debian, but the bug is against the archive
> pseudo-package:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612657

I wouldn't classify it as a bug but I did read all comments
and what I write here should be classified as just the
OPINION of one person, moi.  Like Thomas Jefferson's
religious beliefs I think I will be in a congregation of
one.

> Can anybody else make any comments:
> 
> a) should there be more effort to phase out SHA1?

Maybe not if the argument by one person here is to be believed
and the statement by another that ALL of the SHA would have been
vulnerable to the same attack.  Did the discussion come to a
satisfactory conclusion?  Not for me since the arguments were
mostly theoretical.  I am one of those people who much prefers
actual over theoretical.  Where they can't phase out SHA1 they
can't. Where they can they should replace it with SHA-256.  The
one comment saying you can have both SHA1 and SHA-256 is
impractical. It is either SHA1 or something else.  I suspect
the inertia against shifting from SHA1 to something else is
probably more the hassles they perceive it will cause than
any technical considerations due to standards.

> b) how is it being approached upstream?  Is backwards-compatibility
> still emphasized to the same extent?

I don't know how much they are emphasizing backwards
compatibility. But in this case I don't see how it could be a
problem if they are using only GnuPG.  Support for SHA-256 has
been in GnuPG for an awfully long time.  SHA-512 may cause
problems going forwards given its status in backwards
compatibility and depending on whether Debian uses something
other than GnuPG going forwards.  SHA-512 also requires
significantly more CPU cycles as well and can be too much
for smaller devices. Is Debian planning on a smart phone or
tablet?

> c) should this become a general system-wide goal to audit and increase
> crypto-strength in all parts of jessie / future Debian versions?

The comments in the bug indicate that NIST has a directive to
replace SHA1 with something else by 2010?  I don't know what all
that includes but Microsoft is still using SHA1 which means that
if Microsoft is included the directive is hopeless.  Here we
are three years later and people are stubbornly refusing to
shift away from SHA1.

I can remember when kernel.org was hacked into and they stated
that they had used super secure SHA1.  That is kind of like the
two radar technicians in Tora Tora Tora.  The first notes a huge
formation coming in from the north.  The second whines about
going to eat and the lieutenant they call the observation into
told them not to worry about it.  The argument that SHA1
just isn't as robust seems to me to be the same type of argument
as the one to ignore that radar warning.  We all know what
happened on that one don't we?  Pearl Harbor and the US was
sucked into World War II whether they wanted to be in it or
not.

In trying to understand the resistance to moving away from SHA1
you have to understand that it is much more dependent on the
personal resistance to change than the technical hassles.  But
if they do it they should write down all the problems they had
and how they solved them in case they have to do it again in
the future.  The second time around for anything is always
much easier than the first.

HHH
---
Thinking has been suspended indefinitely
Anybody caught thinking will be immediately shot!




More information about the Gnupg-users mailing list