The two V3 attacks
Werner Koch
wk at gnupg.org
Mon Jun 25 11:17:45 CEST 2012
On Mon, 25 Jun 2012 09:32, guninski at guninski.com said:
> You *knowingly* distribute vulnerable warez for a long time?
Do you mean the v5 format or the use of MD5 (i.e. PGP2-compatible v3
keys)?
The v5 format will allow migrating from a SHA-1 fingerprint to a
SHA-{2,3} fingerprint. It will take many years but there is likely
enough time left. We currently don't expect to see a SHA-1 second
pre-image any time soon. Collision attacks on the fingerprint
might have some bad consequences but they won't lower the security
of the signatures. New keys use SHA-2 for signatures - this is in
contrast to PGP2 which uses MD5 for everything.
Waiting for the outcome of the SHA-3 competition is just the Right Thing
to do given that there are no SHA-1 attacks on the horizon.
Regarding the v3 format: Well, I'd love to drop it and actually we now
agreed to implement that as the default - along with an option to revert
this default.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
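To make the fingerprint point concrete: the following is an added illustration, not code from the thread or from GnuPG, of how RFC 4880 defines the v3 (MD5) and v4 (SHA-1) fingerprints. The hash is fixed by the key version octet, which is why moving to SHA-2/3 means a new key format. The RSA values and creation time are constructed sample data, not a real key.

```python
import hashlib
import struct

# Constructed sample key material (NOT a real key). Small numbers are used only
# so the byte layout is easy to follow; real moduli are 2048 bits or more.
SAMPLE_N = 0xC0FFEE1234567890ABCDEF0123456789
SAMPLE_E = 65537
SAMPLE_CREATED = 1340615865  # constructed creation timestamp (June 2012)

def int_octets(value: int) -> bytes:
    """Big-endian octets of a non-negative integer, no leading zeros."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def mpi(value: int) -> bytes:
    """OpenPGP MPI: 2-octet bit length followed by the integer's octets."""
    return struct.pack(">H", value.bit_length()) + int_octets(value)

def v3_fingerprint(n: int, e: int) -> bytes:
    """RFC 4880 section 12.2, v3 keys: MD5 over the bare octets of n and e.
    Version, creation time and algorithm are not hashed at all."""
    return hashlib.md5(int_octets(n) + int_octets(e)).digest()

def v3_key_id(n: int) -> bytes:
    """v3 key ID is just the low 64 bits of the modulus, unrelated to any hash."""
    return int_octets(n)[-8:]

def v4_public_key_body(n: int, e: int, created: int) -> bytes:
    """Public-key packet body: version 4, 4-octet creation time, algorithm 1
    (RSA), then the two MPIs."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(n: int, e: int, created: int) -> bytes:
    """RFC 4880 section 12.2, v4 keys: SHA-1 over 0x99, a 2-octet body length,
    and the whole public-key packet body. SHA-1 is implied by version 4, so a
    SHA-2 fingerprint needs a new version octet rather than a flag."""
    body = v4_public_key_body(n, e, created)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()

def v4_key_id(fingerprint: bytes) -> bytes:
    """v4 key ID is the low 64 bits of the fingerprint."""
    return fingerprint[-8:]

if __name__ == "__main__":
    fp3 = v3_fingerprint(SAMPLE_N, SAMPLE_E)
    fp4 = v4_fingerprint(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED)
    print("v3 MD5 fingerprint :", fp3.hex(), "key id", v3_key_id(SAMPLE_N).hex())
    print("v4 SHA-1 fingerprint:", fp4.hex(), "key id", v4_key_id(fp4).hex())
```

Changing the creation time alters the v4 fingerprint but leaves the v3 one untouched, which is part of what the v3 format fails to bind.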