Security doubts on 3DES default
Robert J. Hansen
rjh at sixdemonbag.org
Tue Mar 14 00:02:48 CET 2017
>> Again, required per the spec, and this can be
>> prevented by having one person
>> on the list use a DSA-2048/-3072 key, which forbids
>> SHA-1 usage.
> Really? many of the messages to the PGPNET discussion group  have
> SHA-1 signatures. Messages are signed and encrypted to about 30 keys,
> one of which is DSA-2048. Showpref on that DSA-2048 key gives
> Digest: SHA1, SHA256, RIPEMD160.
I was speaking a bit too glibly; I'm sorry about that.
If I'm sending to 30 people it's quite likely I'll wind up using CAST or
3DES, since that's the lowest common denominator. Cipher preferences
have a complex find-the-best-option algorithm that finds what all
recipients can use, then chooses one from among them -- so finding a
"common denominator" of algorithms is important.
But lowest common denominator for signatures is ... it's uncommon to
encounter such a situation; in fact, in 25 years of using PGP I don't
think I've ever encountered it. If I sign a message with TIGER192 and
you can't verify it, tough luck. Given this, I don't know how you'd
come up with a real-world case where you'd need a common hash algorithm
set for signing purposes.
But if there were such a case where there was a lowest common
denominator hash algorithm, DSA-2048 requires a 224-bit hash (and -3072
requires 256), so inclusion of either of those would preclude any
160-bit hash being used; they could not appear in a common algorithm set.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 630 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users