ietf-openpgp
[Top] [All Lists]

Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures

2020-01-22 15:20:13
* Marcus Brinkmann:

* Do not sign photo ids.  In fact, photo ids are problematic in many
other ways and should be deprecated and not be used anymore. Support for
user attribute packets should be dropped from the standard.

I expect that a similar attack would work involving non-critical
hashed subpackets in the private area.  They should provide enough
wiggle room.

* The authors could have easily created colliding public keys with
identical (160 bit SHA-1) fingerprints, at the cost of 45k USD.
Although I don't know about any attack made possible by owning such a
pair of keys, the pure existence of a fingerprint collision could cause
problems in some appliations, triggering potential bugs in code that
assumes fingerprints can never be identical.

It would definitely be nice to have such colliding keys for testing
purposes.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp