phasing out SHA1 for digest creation
Rainer Perske
rainer.perske at uni-muenster.de
Thu Dec 5 18:13:44 CET 2024
Bruce Walzer wrote on 2024-12-05:
> What is the actual issue here?
Extremely simplified:
Attacker makes many good documents and many bad documents until he finds a collision.
See https://shattered.io
Attacker takes the good document and the bad document with the same hash.
Attacker asks victim to sign the good document.
Victim does so.
Attacker combines the signature with the bad document.
So the attacker can "prove" that the victim has signed the bad document.
Conclusion:
Never use SHA-1 for new signatures.
Emit a warning for existing SHA-1 signatures.
Kind regards
--
Rainer Perske
System Services + Head of the Certification Authority (UCAM)
--
Universität Münster
CIT - Center for Information Technology
Rainer Perske, System Services
Röntgenstraße 7-13, Room 006
48149 Münster
Tel.: +49 251 83-31582
E-Mail: rainer.perske at uni-muenster.de
Website: www.uni-muenster.de/IT
University Certification Authority Münster (UCAM):
Tel.: +49 251 83-31590
E-Mail: ca at uni-muenster.de
WWW: www.uni-muenster.de/CA
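The conclusion above ("emit a warning for existing SHA-1 signatures") can be turned into a small check. The following is an added example, not code from the message or from GnuPG: it parses the textual output of `gpg --list-packets` (a real GnuPG command) and flags every signature packet whose digest algorithm ID is MD5 (1) or SHA-1 (2), using the hash algorithm IDs from RFC 4880 section 9.4. The sample listing embedded below is constructed for the example, and the key IDs in it are placeholders, not real keys.

```python
"""Warn about OpenPGP signatures that were made with a weak digest.

Feed it the output of `gpg --list-packets <file.sig>` (or `<file.gpg>`)
on stdin. Added example; not GnuPG code.
"""
import re
import sys

# OpenPGP hash algorithm IDs, RFC 4880 section 9.4.
HASH_ALGOS = {
    1: "MD5",
    2: "SHA1",
    3: "RIPEMD160",
    8: "SHA256",
    9: "SHA384",
    10: "SHA512",
    11: "SHA224",
}
# Digests for which collision attacks are practical (see https://shattered.io
# for SHA-1). A signature over such a digest proves nothing about *which*
# of two colliding documents was signed.
WEAK_HASH_IDS = {1, 2}

# Lines as printed by `gpg --list-packets` (format assumed from GnuPG 2.x output).
SIG_RE = re.compile(r"^:signature packet: algo (\d+), keyid ([0-9A-Fa-f]+)")
DIGEST_RE = re.compile(r"^\s*digest algo (\d+)")

# Constructed sample listing: two signatures, one SHA-1, one SHA-256.
# Key IDs are placeholders.
SAMPLE_LISTING = """\
# off=0 ctb=89 tag=2 hlen=3 plen=307
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1733418824, md5len 0, sigclass 0x00
\tdigest algo 2, begin of digest 7a 1c
\thashed subpkt 2 len 4 (sig created 2024-12-05)
\tsubpkt 16 len 8 (issuer key ID 0123456789ABCDEF)
\tdata: [2047 bits]
# off=310 ctb=89 tag=2 hlen=3 plen=307
:signature packet: algo 1, keyid FEDCBA9876543210
\tversion 4, created 1733418900, md5len 0, sigclass 0x00
\tdigest algo 8, begin of digest 3e 55
\thashed subpkt 2 len 4 (sig created 2024-12-05)
\tsubpkt 16 len 8 (issuer key ID FEDCBA9876543210)
\tdata: [2047 bits]
"""


def digest_name(algo_id):
    """Human-readable name for an OpenPGP hash algorithm ID."""
    return HASH_ALGOS.get(algo_id, f"hash id {algo_id}")


def parse_signature_packets(listing):
    """Return one dict per signature packet: pubkey algo, key ID, digest algo.

    Only the fields needed for the digest check are extracted; other packet
    types (keys, literal data, ...) are skipped.
    """
    sigs = []
    current = None
    for line in listing.splitlines():
        m = SIG_RE.match(line)
        if m:
            current = {
                "pubkey_algo": int(m.group(1)),
                "keyid": m.group(2).upper(),
                "digest_algo": None,
            }
            sigs.append(current)
            continue
        if current is None:
            continue
        m = DIGEST_RE.match(line)
        if m:
            current["digest_algo"] = int(m.group(1))
    return sigs


def weak_digest_warnings(listing):
    """Warning strings for every signature made over MD5 or SHA-1."""
    warnings = []
    for sig in parse_signature_packets(listing):
        algo = sig["digest_algo"]
        if algo in WEAK_HASH_IDS:
            warnings.append(
                f"WARNING: signature by key {sig['keyid']} uses "
                f"{digest_name(algo)}; collisions are practical, "
                f"do not rely on this signature to identify the signed document"
            )
    return warnings


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    for w in weak_digest_warnings(text):
        print(w)
```

Usage: `gpg --list-packets document.sig | python3 sha1_sig_check.py`; run without piped input it checks the embedded sample and prints one warning for the SHA-1 signature. The check only looks at the digest algorithm field, so it is equally useful for detached signatures, signed messages and key certifications.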