gnupg website

Werner Koch wk at
Wed Jan 25 09:52:15 CET 2017

On Wed, 25 Jan 2017 01:05, sivmu at said:

> not sure this is the perfect place, but I wanted to point out that the
> website still uses sha1 as a mac.

Despite SHA-1 not yet being broken, they now even claim that HMAC-SHA1
is broken?  I do not even know of a theoretical attack on HMAC-MD5.

This whole banning of SHA-1 and 3DES for public https servers and in
particular ssllabs' new grades is mostly security theater.  Sure, this
helps to raise awareness that we always need to be prepared to replace
algorithms and for that it is a Good Thing.

However, for the Web threat model these algorithms are still fine: To
attack Web sites there are _much_ easier ways than to break SHA-1 or to
inject JS to generate incredibly large amounts of traffic to reach the
limit of 64 bit block ciphers.  Let alone the contradiction of sending
Javascript to the client and claiming security of the user/client.

This reminds me of the proverbial barbed-wire-equipped gate protected by
a bunch of gunmen and 5 miles of a 2-foot-high latticework fence.  Guess
where the thieves will enter the property.

> Also, activating OCSP to increase privacy might be a good idea too.

OCSP is used as an alternative to CRLs and not directly related to
privacy.  On a CA break the next update of your browser will put the CA
onto its internal blacklist anyway.  When the server key is compromised
OCSP does not help at all.

> Thanks for your work on open source encryption.

Thoughts are free.  Exceptions are regulated by a federal law.