SHA-1 checksums to be replaced with something better at https://gnupg.org/download/integrity_check.html ?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Mar 17 20:44:55 CET 2016


On Thu 2016-03-17 15:34:08 -0400, Fabian Santiago wrote:
>> 
>> What is your threat model?  FWIW, pre-image attacks on SHA-1 are not
>> even on the horizon.
>> 
>
> Pre-image attack?

https://en.wikipedia.org/wiki/Preimage_attack

FWIW, the threat model of digest algorithms being published on an HTTPS
website that then links to the file to be downloaded is much easier to
work around than by compromising SHA-1's preimage resistance (or even
collision resistance for that matter).

However, it makes more sense to me to just move everything to sha-256
today.  Anyone who actually checks the digests should be capable of
using sha256 today, and it would avoid this sort of question coming up
in the future.

        --dkg
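Added example, not part of the original message or of GnuPG's own tooling: a minimal checker for a published digest listing that accepts only SHA-256 entries and refuses a SHA-1-only listing. It assumes the `HEXDIGEST  FILENAME` layout produced by `sha1sum`/`sha256sum`; the file names and data are constructed.

```python
import hashlib
import hmac
import io

# Hex digest length -> algorithm; SHA-1 is recognised only so it can be refused.
HEX_LEN_TO_ALGO = {40: "sha1", 64: "sha256"}

def parse_checksum_list(text):
    """Parse 'HEXDIGEST  FILENAME' lines (assumed sha1sum/sha256sum layout)."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank lines, prose and anything malformed
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        algo = HEX_LEN_TO_ALGO.get(len(digest))
        if algo and all(c in "0123456789abcdef" for c in digest):
            entries[name] = (algo, digest)
    return entries

def verify(stream, name, entries, chunk=65536):
    """Return 'ok', 'mismatch', 'weak-digest' or 'unlisted' for one download."""
    if name not in entries:
        return "unlisted"
    algo, expected = entries[name]
    if algo != "sha256":
        return "weak-digest"  # policy: a SHA-1-only listing is not accepted
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)  # hash in chunks so large tarballs are not held in memory
    return "ok" if hmac.compare_digest(h.hexdigest(), expected) else "mismatch"

# Constructed sample data, not real release files or digests.
SAMPLE = b"constructed release tarball bytes\n"
LISTING = (
    hashlib.sha256(SAMPLE).hexdigest() + "  example-1.0.tar.bz2\n"
    + hashlib.sha1(SAMPLE).hexdigest() + "  example-0.9.tar.bz2\n"
)

if __name__ == "__main__":
    entries = parse_checksum_list(LISTING)
    for name in ("example-1.0.tar.bz2", "example-0.9.tar.bz2", "other.tar.bz2"):
        print(name, verify(io.BytesIO(SAMPLE), name, entries))
```

A digest fetched from the same site as the file only detects corruption or a tampered mirror; it does not replace verifying the release signature.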


