SHA1 collision found

vedaal at vedaal at
Fri Feb 24 16:15:23 CET 2017

On 2/23/2017 at 4:52 PM, sivmu at wrote:...
Not sure about you but I am not able to see the difference between a
valid pgp key and "gibberish" ;)


In the example of the 2 pdf's,  they started with one pdf, made
another pdf, then multiple (more than billions) trials of adding a
string to the second pdf so that it hashes to the first.

With regard to generating a new key that hashes to a known specific
key, the forger must do 2 things simultaneously;

[1] generating new key material
[2] seeing that the hashed fingerprint of the new key matches that of
the first key

The forger does not start with a newly generated key and add material
so that the hash would match the first key (the case of the pdf's).
If that were the case, then the key system would be broken now for the
SHA1 hash.

Even for v3 keys, which were not SHA1 hashed, the only way to generate
a new key with the same fingerprint, would be to allow the key size to
vary (usually to a bizarre key size that would be quite suspect, and
not believed).

Now, for a V4 key with an SHA1 hash, and a further restriction that
the forged key size be the same as the first key, this is not known to
be doable day, even with the google cloud computer sharing efforts,
and the breakthrough of finding pdf's with the same hash.

Again, I fully support moving to a secure hash, but I do think that
users have more than enough time until the open-pgp group issues the
official standard.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170224/540d7a11/attachment.html>

More information about the Gnupg-users mailing list