Re: [openpgp] Fingerprints and their collisions resistance
2013-01-03 17:08:56On 01/03/2013 05:33 PM, Andrey Jivsov wrote:
In the process of writing such a draft I noticed that the only place in OpenPGP where SHA1 is used in collision resistance sensitive way without the possibility to change it is fingerprints.
As i mentioned on the discussion on the GnuPG discussion list, i remain unconvinced that OpenPGP fingerprints need to be collision-resistant. They certainly need to be able to resist preimage attacks, but i haven't seen any convincing attacks that make me think collision resistance is an issue. Here's the recent GnuPG discussion: http://thread.gmane.org/gmane.comp.encryption.gpg.devel/17366/focus=17389 And here's earlier discussion from Daniel Nagy and myself on this list suggesting that collision-resistance is an issue for fingerprints: http://thread.gmane.org/gmane.ietf.openpgp/6012/focus=6013 http://thread.gmane.org/gmane.ietf.openpgp/7115/focus=7126 If anyone disagrees with this analysis, i would be interested in hearing how failed collision-resistance of the fingerprint mechanism could lead to practical attacks in OpenPGP.
I have this Keccak in OpenPGP darft written, waiting to for the NIST to publish SHA-3 and the OIDs assigned.
thanks for doing this, i think this will be a useful contribution.
Regards,
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openpgp mailing list openpgp(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/openpgp
| Previous by Date: | Re: [openpgp] Fingerprints and their collisions resistance, Werner Koch |
|---|---|
| Next by Date: | Re: [openpgp] keyserver protocol, Daniel Kahn Gillmor |
| Previous by Thread: | Re: [openpgp] Fingerprints and their collisions resistance, Andrey Jivsov |
| Next by Thread: | Re: [openpgp] Fingerprints and their collisions resistance, Andrey Jivsov |
| Indexes: | [Date] [Thread] [Top] [All Lists] |