[Top] [All Lists]

Re: [openpgp] Fingerprints and their collisions resistance

2013-01-03 17:08:56
On 01/03/2013 05:33 PM, Andrey Jivsov wrote:
In the process of writing such a draft I noticed that the only place in
OpenPGP where SHA1 is used in collision resistance sensitive way without
the possibility to change it is fingerprints.

As i mentioned on the discussion on the GnuPG discussion list, i remain
unconvinced that OpenPGP fingerprints need to be collision-resistant.
They certainly need to be able to resist preimage attacks, but i haven't
seen any convincing attacks that make me think collision resistance is
an issue.

Here's the recent GnuPG discussion:

And here's earlier discussion from Daniel Nagy and myself on this list
suggesting that collision-resistance is an issue for fingerprints:

If anyone disagrees with this analysis, i would be interested in hearing
how failed collision-resistance of the fingerprint mechanism could lead
to practical attacks in OpenPGP.

I have this Keccak in OpenPGP darft written, waiting to for the NIST to
publish SHA-3 and the OIDs assigned.

thanks for doing this, i think this will be a useful contribution.



Attachment: signature.asc
Description: OpenPGP digital signature

openpgp mailing list