simple-sk-checksum
David Shaw
dshaw at jabberwocky.com
Fri Jan 4 22:53:44 CET 2013
On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber <singpolyma at singpolyma.net> wrote:
> The manpage for gpg sez:
>
>> Secret keys are integrity protected by using a SHA-1 checksum. This method is part of the upcoming enhanced OpenPGP specification but GnuPG already uses it as a countermeasure against certain attacks. Old applications don't under‐ stand this new format, so this
>> option may be used to switch back to the old behaviour. Using this option bears a security risk.
>
> Does anyone know what the actual security risk is? Using a weaker checksum obviously makes it easier to forge data, but in this case the data being forged is just the secret parts of a secret key. What are the attack vectors there?
http://eprint.iacr.org/2002/076.pdf
David
More information about the Gnupg-users
mailing list