Who protects the private key (was: Changing the encryption algorithm used for PGP/GPG private key)
Jacob Bachmeyer
jcb62281 at gmail.com
Sun Feb 20 03:07:48 CET 2022
Daniel Colquitt via Gnupg-users wrote:
> Whilst AES128 is probably okay for now, SHA1 has been broken for well over 15 years.
Has it really been that long? ... No, it has not been: a free-start
collision was found on the SHA-1 compression function in 2015, less than
7 years ago.
As far as I know, a single collision pair ("SHAttered") has been
produced, using about 9 months on a very large cluster, against the full
SHA-1. There is no comparison here to MD5, for example. Further, only
collisions have been demonstrated so far, and if Mallory producing a
colliding private key is a concern for you, you have bigger problems,
like Mallory having provided your private key in the first place!
It is also worth noting that SHA-1 is (as far as I know) only used as a
fancy checksum here to guard against data corruption. If Mallory even
has access to potentially replace your private key, you have bigger
problems than potential weaknesses of the checksum on that key.
-- Jacob
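The "fancy checksum" Jacob refers to is the integrity tag that OpenPGP (RFC 4880, section 5.5.3) appends to the secret-key fields before they are encrypted: a 20-octet SHA-1 hash when the S2K usage octet is 254, otherwise a two-octet sum of the octets mod 65536. The example below is added here and is not code from the thread or from GnuPG; it builds both tags over constructed key bytes (not a real key) and shows which corruptions each one catches, including a sum-preserving byte swap that the two-octet checksum misses. Function names and the sample bytes are assumptions for illustration.

```python
import hashlib
import hmac

# Constructed sample standing in for the algorithm-specific (secret MPI)
# portion of a v4 secret-key packet after decryption. Not real key material.
SAMPLE_SECRET_FIELDS = bytes(range(1, 41)) + b"\x00\x7f\x80\xff"

def simple_checksum(data: bytes) -> bytes:
    """Two-octet checksum: sum of all octets mod 65536 (usage octet != 254)."""
    return (sum(data) % 65536).to_bytes(2, "big")

def sha1_checksum(data: bytes) -> bytes:
    """20-octet SHA-1 hash of the plaintext secret fields (usage octet 254)."""
    return hashlib.sha1(data).digest()

def protect(secret_fields: bytes, usage_octet: int) -> bytes:
    """Lay out secret fields + trailing tag as they appear before encryption."""
    if usage_octet == 254:
        return secret_fields + sha1_checksum(secret_fields)
    return secret_fields + simple_checksum(secret_fields)

def verify(decrypted: bytes, usage_octet: int) -> bool:
    """Split the trailing tag off decrypted plaintext and recompute it."""
    n = 20 if usage_octet == 254 else 2
    if len(decrypted) <= n:
        return False
    body, tag = decrypted[:-n], decrypted[-n:]
    expected = sha1_checksum(body) if usage_octet == 254 else simple_checksum(body)
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """Simulate a single-bit storage error in the decrypted plaintext."""
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)

def swap_bytes(data: bytes, i: int, j: int) -> bytes:
    """Reorder two octets; the byte sum is unchanged, so the 2-octet tag cannot notice."""
    out = bytearray(data)
    out[i], out[j] = out[j], out[i]
    return bytes(out)

if __name__ == "__main__":
    for usage in (254, 255):
        blob = protect(SAMPLE_SECRET_FIELDS, usage)
        print(usage, "intact:", verify(blob, usage),
              "bit flip:", verify(flip_bit(blob, 0, 0), usage),
              "byte swap:", verify(swap_bytes(blob, 0, 1), usage))
```

Both tags reject a flipped bit, but only the SHA-1 tag rejects the swapped octets; neither is meant to resist an attacker who can already rewrite the key file, which is the point the post makes.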