On 01/03/2013 05:33 PM, Andrey Jivsov wrote:
In the process of writing such a draft I noticed that the only place in
OpenPGP where SHA1 is used in collision resistance sensitive way without
the possibility to change it is fingerprints.
As i mentioned on the discussion on the GnuPG discussion list, i remain
unconvinced that OpenPGP fingerprints need to be collision-resistant.
They certainly need to be able to resist preimage attacks, but i haven't
seen any convincing attacks that make me think collision resistance is
Here's the recent GnuPG discussion:
And here's earlier discussion from Daniel Nagy and myself on this list
suggesting that collision-resistance is an issue for fingerprints:
If anyone disagrees with this analysis, i would be interested in hearing
how failed collision-resistance of the fingerprint mechanism could lead
to practical attacks in OpenPGP.
I have this Keccak in OpenPGP darft written, waiting to for the NIST to
publish SHA-3 and the OIDs assigned.
thanks for doing this, i think this will be a useful contribution.
Description: OpenPGP digital signature
openpgp mailing list