On 01/03/2013 05:33 PM, Andrey Jivsov wrote:
> In the process of writing such a draft I noticed that the only place in
> OpenPGP where SHA1 is used in a collision resistance sensitive way without
> the possibility to change it is fingerprints.
As i mentioned on the discussion on the GnuPG discussion list, i remain
unconvinced that OpenPGP fingerprints need to be collision-resistant.
They certainly need to be able to resist preimage attacks, but i haven't
seen any convincing attacks that make me think collision resistance is
an issue.
Here's the recent GnuPG discussion:
http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17366/focus=17389
And here's earlier discussion from Daniel Nagy and myself on this list
suggesting that collision-resistance is an issue for fingerprints:
http://thread.gmane.org/gmane.ietf.openpgp/6012/focus=6013
http://thread.gmane.org/gmane.ietf.openpgp/7115/focus=7126
If anyone disagrees with this analysis, i would be interested in hearing
how failed collision-resistance of the fingerprint mechanism could lead
to practical attacks in OpenPGP.
> I have this Keccak in OpenPGP draft written, waiting for the NIST to
> publish SHA-3 and the OIDs assigned.
thanks for doing this, i think this will be a useful contribution.
Regards,
--dkg
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp