phasing out SHA1 for digest creation

Bruce Walzer bwalzer at 59.ca
Thu Dec 5 13:36:20 CET 2024


On Thu, Dec 05, 2024 at 11:37:44AM +0100, Bernhard Reiter via Gnupg-devel wrote:
> Hi Werner,
> 
> last year in March 2023 you wrote in
>    https://dev.gnupg.org/T6433

There was no discussion of the potential vulnerabilities in T6433 that
might be caused by leaving things as they are. When discussing long
used methods we really need to concentrate on the actual potential
harm to users. What are those potential harms here?

My understanding is that since SHA-1 is secure for everything but
collisions, the user is quite safe even in the face of easy-to-create
collisions. What am I missing? An attacker can't create a collision
with an existing SHA-1 digest, and the new digests are made with
SHA-256. An attacker can create matching keys using SHA-1 digests and
submit one of them to some sort of trusted third party for
certification, but that is the sort of thing that only works once.

What is the actual issue here?

Bruce