Adding a nonce before hashing as covert channel (Re: phasing out SHA1 for digest creation)

Bernhard Reiter bernhard at intevation.de
Tue Dec 10 09:48:19 CET 2024


On Saturday 07 December 2024 15:35:09, Andrew Gallagher via Gnupg-devel wrote:
> there are already countless places in the wire format that an adversary
> could use for a covert channel,

It still may not be wise to add another place.
There can be unwanted side effects of adding a nonce
(is what I understand from the example).

> and I’m not aware of any implementation 
> (including gnupg) that attempts to close these channels, perhaps because
> doing so would be a rich source of interop failures. It would be
> counterproductive for an adversary to introduce salted signatures for this
> purpose, as doing so would only draw attention for little further benefit.

Which we only know if we fully understand all side effects.
Not saying that this is done deliberately.

Regards,
Bernhard


-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter