phasing out SHA1 for digest creation

Andrew Gallagher andrewg at andrewg.com
Sat Dec 7 15:35:09 CET 2024


On 7 Dec 2024, at 13:58, Werner Koch via Gnupg-devel <gnupg-devel at gnupg.org> wrote:
> 
> Some people obviously want to have this
> covert channel in signatures.

Which people? Werner, this is a very serious allegation. If you’re not willing to name names and provide receipts, I would strongly advise you to withdraw it.

As discussed previously on the openpgp mailing list, there are already countless places in the wire format that an adversary could use for a covert channel, and I’m not aware of any implementation (including gnupg) that attempts to close these channels, perhaps because doing so would be a rich source of interop failures. It would be counterproductive for an adversary to introduce salted signatures for this purpose, as doing so would only draw attention for little further benefit.

Please let this be the end of it.

Thanks,
A

