phasing out SHA1 for digest creation
Jacob Bachmeyer
jcb62281 at gmail.com
Sat Dec 7 02:40:48 CET 2024
On 12/6/24 03:56, Rainer Perske wrote:
> Hello
>
> Jacob Bachmeyer schrieb am 2024-12-06:
>
>> Better solution: never sign a document exactly as presented to you; always make a small change first. This could be as simple as including a nonce in the signature.
> Correct – if the change or nonce is big and random enough (at least about 80 bits of randomness to compensate for the lost 80 bits of security due to the birthday attack, even if that is not a real compensation for multiple reasons), i.e. make many small or few big changes to the content. But the normal user does not know.
As I understand, one bit is enough to destroy a tediously prepared
collision; and Wiktor noted that PGP includes a timestamp (to one
second) in the signed data and the protocol allows implementations to
add more data to the signature.
-- Jacob
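The point made above, that a prepared collision is tied to the exact bytes the attacker computed it for and that any signer-side change (a nonce, a timestamp) destroys it, can be shown with a toy hash. The following is an added example, not code from the thread or from GnuPG: it truncates SHA-1 to 16 bits so a birthday search finds a collision in a few hundred tries, then shows that hashing a nonce together with the document leaves the two colliding documents with different digests. The names `trunc_digest`, `find_collision`, `signed_payload` and `collision_survives` are assumptions made here for illustration.

```python
import hashlib
import secrets

# Toy hash: the leading `bits` bits of SHA-1. Small enough that a birthday
# search collides quickly, which stands in for a real (expensive) collision.
def trunc_digest(data: bytes, bits: int = 16) -> int:
    h = hashlib.sha1(data).digest()
    return int.from_bytes(h[:4], "big") >> (32 - bits)

# Birthday search: two distinct messages (same prefix, different suffix)
# with equal truncated digest. Deterministic for a given prefix.
def find_collision(prefix: bytes, bits: int = 16):
    seen = {}
    counter = 0
    while True:
        msg = prefix + counter.to_bytes(4, "big")
        d = trunc_digest(msg, bits)
        if d in seen and seen[d] != msg:
            return seen[d], msg
        seen[d] = msg
        counter += 1

# What the signer actually hashes when it follows the advice in the thread:
# a nonce (or timestamp) bound into the signed data, never the bare document.
def signed_payload(document: bytes, nonce: bytes) -> bytes:
    return b"nonce:" + nonce + b"\n" + document

# Does the attacker's prepared collision still hold once the signer has added
# its own nonce? For an unpredictable nonce this is true only by chance
# (probability 2**-bits for the toy hash).
def collision_survives(doc_a: bytes, doc_b: bytes, nonce: bytes,
                       bits: int = 16) -> bool:
    return (trunc_digest(signed_payload(doc_a, nonce), bits)
            == trunc_digest(signed_payload(doc_b, nonce), bits))

if __name__ == "__main__":
    # Constructed sample: two "invoices" the attacker prepared to collide.
    doc_a, doc_b = find_collision(b"invoice-")
    print("bare digests equal:", trunc_digest(doc_a) == trunc_digest(doc_b))
    # The signer adds its own randomness before signing.
    nonce = secrets.token_bytes(10)  # 80 bits, as the thread suggests
    print("collision survives signer nonce:",
          collision_survives(doc_a, doc_b, nonce))
```

With a real hash the search step is what costs the attacker effort; the nonce step costs the signer nothing, which is why the thread recommends it even though it is no substitute for moving off SHA-1.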
More information about the Gnupg-devel mailing list