SHA1 depreciation ??

SHA1 depreciation ??

Joshua Hudson
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SHA1 got broken some months ago, but I see no useful move to get rid of using it for even new stuff.

I found some email chains awhile back showing the web of trust collapsing if SHA1 were not used.

I found Ubuntu trying to go at removing it alone: https://wiki.ubuntu.com/SecurityTeam/GPGMigration
(mainly talks about changing keys but they are testing SHA2 signatures extensively)

I found out it's really hard to make a key that doesn't say "Digest: ... SHA1" in its attributes.

I found out why the web of trust collapses; public signing defaults to SHA1 unless a command line
option is passed to change it. Editing key preferences on your signing key won't do it.

I'm pretty sure Enigmail will sign this message with SHA1 because it doesn't have an option to
select digest and setting whatever on preferences doesn't work.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iF4EAREIAAYFAllT6MMACgkQE8ihdI6XWvTX1AD/T8oFAb2/TNGkt3Ke8sYSTO9H
wQXh6MqsRajuqF542NUA/2PEajHFahVohQBxQLeUwAZr5G8Kk4q77Nq3mOpwzbfa
=kwi5
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: SHA1 depreciation ??

Robert J. Hansen-3
> SHA1 got broken some months ago, but I see no useful move to get rid
> of using it for even new stuff.

(a) Not for OpenPGP's uses.  For our uses it's still safe, although we
recommend moving to other, better, hashes as soon as possible.

(b) It's pretty easy to avoid using SHA-1.  There are still a small
number of places where it's mandatory, and this will not change until
the IETF OpenPGP Working Group publishes the v5 key specification.

(c) The IETF OpenPGP WG is working on a new key specification ("v5")
which completely gets rid of SHA-1.

> I found out it's really hard to make a key that doesn't say "Digest:
> ... SHA1" in its attributes.

You found out it's *impossible*.  SHA-1 is a MUST algorithm according to
the RFC.  You cannot get rid of SHA-1 from your key preferences.  Even
if you were to do it, every RFC-conformant OpenPGP application on the
planet would say, "that's odd: let me just append SHA-1 to that", as
they are required to do by the RFC.

> I found out why the web of trust collapses; public signing defaults
> to SHA1 unless a command line option is passed to change it. Editing
> key preferences on your signing key won't do it.

You didn't read the manual.  The preferences attached to your key tell
the world what algorithms you're capable of interoperating with.  GnuPG
never uses them to decide which algorithms to apply to your own traffic.

> I'm pretty sure enigmail will sign this message with SHA1 because it
> doesn't have an option to select digest and setting whatever on
> preferences doesn't work.

Enigmail doesn't sign anything.  GnuPG is what signs things.  Enigmail
just hands your documents to GnuPG for processing.

Check what digest was used to sign this message.  Hint: I'm using Enigmail.

Try adding this line to your gpg.conf file:

personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160



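The check suggested in the reply above ("Check what digest was used to sign this message") comes down to reading one octet of the signature packet. The Python below is an added example, not part of any poster's message and not GnuPG code; it parses the signature block from the first message of this thread, and the function names are illustrative.

```python
import base64

# OpenPGP hash algorithm IDs from RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

# Signature block from the first message in this thread (Version line omitted).
ARMORED = """-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAllT6MMACgkQE8ihdI6XWvTX1AD/T8oFAb2/TNGkt3Ke8sYSTO9H
wQXh6MqsRajuqF542NUA/2PEajHFahVohQBxQLeUwAZr5G8Kk4q77Nq3mOpwzbfa
=kwi5
-----END PGP SIGNATURE-----"""

def dearmor(text):
    # Decode the base64 body of an ASCII-armored block; the CRC is not checked.
    lines = [l.strip() for l in text.strip().splitlines()]
    start = lines.index("") + 1   # armor headers end at the first blank line
    data = [l for l in lines[start:] if not l.startswith(("=", "-----"))]
    return base64.b64decode("".join(data))

def first_packet(data):
    # Return (tag, body) of the first packet, old or new header format.
    if not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                      # new format: tag in low 6 bits
        tag, l0 = data[0] & 0x3F, data[1]
        if l0 < 192:
            start, length = 2, l0
        elif l0 < 224:
            start, length = 3, ((l0 - 192) << 8) + data[2] + 192
        else:
            raise ValueError("long or partial length not handled")
    else:                                   # old format: tag in bits 5-2
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        n = 1 << ltype                      # 1, 2 or 4 length octets
        start, length = 1 + n, int.from_bytes(data[1:1 + n], "big")
    return tag, data[start:start + length]

def signature_digest(armored):
    # Name the hash algorithm recorded in an armored signature packet.
    tag, body = first_packet(dearmor(armored))
    offset = {4: 3, 3: 16}.get(body[0])     # v4: 4th octet; v3: 17th octet
    if tag != 2 or offset is None:
        raise ValueError("not a v3/v4 signature packet")
    return HASH_NAMES.get(body[offset], "unknown(%d)" % body[offset])

print(signature_digest(ARMORED))
```

With GnuPG installed, `gpg --list-packets` on the same block reports the same value as `digest algo 8`.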
Re: SHA1 depreciation ??

Lou Wynn
On 06/29/2017 02:31 PM, Robert J. Hansen wrote:
> > SHA1 got broken some months ago, but I see no useful move to get rid
> > of using it for even new stuff.
>
> (a) Not for OpenPGP's uses.  For our uses it's still safe, although we
> recommend moving to other, better, hashes as soon as possible.
>
> (b) It's pretty easy to avoid using SHA-1.  There are still a small
> number of places where it's mandatory, and this will not change until
> the IETF OpenPGP Working Group publishes the v5 key specification.
>
> (c) The IETF OpenPGP WG is working on a new key specification ("v5")
> which completely gets rid of SHA-1.

As for the current version v4, SHA1 is used to compute the fingerprint. Are there other mandatory places?

Others such as signature hash and password hash do not depend on SHA1.

Do you know any time frame and significant changes of v5 specs?


Thanks,
Lou



Re: SHA1 depreciation ??

Robert J. Hansen-3
> As for the current version v4, SHA1 is used to compute the fingerprint.
> Are there other mandatory places?

Yes.  Search the RFC for the term "SHA-1" and you'll find them.  It's
hardwired into several of the packet formats, for instance.

> Do you know any time frame and significant changes of v5 specs?

No.  The WG is being annoyingly slow.



Re: SHA1 depreciation ??

Werner Koch
In reply to this post by Lou Wynn
On Fri, 30 Jun 2017 02:33, [hidden email] said:

> Do you know any time frame and significant changes of v5 specs?

Next year we will prepare GnuPG to handle v5 keys read-only.  I assume
that we can create v5 keys by default in maybe 5 years.


Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.
