phasing out SHA1 for digest creation
Heiko Schäfer
heiko.schaefer at posteo.de
Sat Dec 7 10:50:43 CET 2024
On 12/7/24 2:42 AM, Jacob Bachmeyer via Gnupg-devel wrote:
> Alternately, for the next PGP protocol version, including a nonce N in
> the calculation of the digest H and also signing {N,H} instead of just
> H should allow longer nonces without risking the signature integrity.
> (I wonder if the SSH developers were thinking along those lines...)
FWIW, OpenPGP version 6 signatures, specified in RFC 9580, do contain a
salt (https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3-2.10.1).
The signature hashing process starts with that salt
(https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.4-2).
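
The salted hashing described in the reply above, as an added example that is not part of the original post or of any OpenPGP implementation: a simplified Python model of the digest a v6 binary-document signature signs, following the field order in RFC 9580 section 5.2.4. The function name, the sample document and the empty hashed-subpacket area are assumptions made for illustration; the salt sizes are the ones listed in the RFC 9580 hash algorithm registry.

```python
import hashlib
import os
import struct

# Salt length in octets per hash algorithm ID for v6 signatures
# (values from the RFC 9580 hash algorithm registry).
V6_SALT_SIZE = {8: 16, 9: 24, 10: 32}          # SHA2-256, SHA2-384, SHA2-512
HASHES = {8: hashlib.sha256, 9: hashlib.sha384, 10: hashlib.sha512}


def v6_binary_sig_digest(document, salt, hash_algo=8, pk_algo=27,
                         hashed_subpackets=b""):
    """Digest signed by a v6 binary-document signature (type 0x00).

    Hypothetical helper: a real signature carries hashed subpackets
    (creation time, issuer fingerprint, ...); they are empty by default here.
    """
    if hash_algo not in V6_SALT_SIZE:
        raise ValueError("hash algorithm not covered by this example")
    if len(salt) != V6_SALT_SIZE[hash_algo]:
        raise ValueError("salt size does not match the hash algorithm")
    # Signature packet fields from the version octet through the hashed
    # subpackets; v6 uses a four-octet hashed-subpacket length.
    fields = bytes([6, 0x00, pk_algo, hash_algo])
    fields += struct.pack(">I", len(hashed_subpackets)) + hashed_subpackets
    # Trailer: version octet, 0xFF, four-octet length of the fields above.
    trailer = bytes([6, 0xFF]) + struct.pack(">I", len(fields))
    h = HASHES[hash_algo]()
    h.update(salt)        # the salt is hashed first
    h.update(document)
    h.update(fields)
    h.update(trailer)
    return h.digest()


def demo():
    """Same constructed document, two fresh salts: two unrelated digests."""
    doc = b"constructed sample document\n"
    s1, s2 = os.urandom(16), os.urandom(16)
    return v6_binary_sig_digest(doc, s1), v6_binary_sig_digest(doc, s2)


if __name__ == "__main__":
    d1, d2 = demo()
    print(d1.hex())
    print(d2.hex())
```

Because the signer picks the salt and it is hashed before the document, the party supplying the document cannot know the full hash input in advance. A verifier recomputes the digest from the salt carried in the signature packet and rejects a salt whose length does not match the hash algorithm.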