Closed (19hundreds closed this issue 6 years ago)
This appears to be a duplicate of #1116 or #2818 or both. If so, please comment on the appropriate existing issue instead. If you believe this is not really a duplicate, please leave a comment briefly explaining why. We'll be happy to take another look and, if appropriate, reopen this issue. Thank you.
:public key packet: version 4, algo 1, created 1270124793, expires 0
This is a public key packet, so this table applies: RSA
digest algo 2, begin of digest d7 b9
Yes, the self-signature indeed uses SHA1.
In general, it may be a good idea to create a new signature using SHA256 or similar, to ease use with the weak-digest SHA1
option enabled. But in practice, in the current state, SHA1 problems don't affect the security of the key itself, because there are no known pre-image attacks.
New signatures are made with SHA256 hash function.
@andrewdavidwong yes the two tickets are related to this one. The difference is that, to my understanding, there is a potential security risk. I've no way to doubt @marmarek who says that there is no known pre-image attack so, yes, I guess it should be closed.
@marmarek out of curiosity, how can one be reasonably sure that there is no successful pre-image attack after a hash function has been found vulnerable?
We could ask the same question about any hash function - we don't know what attack exists until the research is made public. As for public knowledge, the only attack currently possible (but still requiring enormous resources) is generating two files with the same hash (collision attack), but not generating an input matching a predefined hash value (pre-image attack).
yes the two tickets are related to this one. The difference is that, to my understanding, there is a potential security risk.
That is not a difference, since the other two issues also entail security risks. There is a security risk to using SHA-1 instead of SHA-256 or SHA-512 for PGP signatures (#1116), and there is a security risk to not generating a new QMSK, given the limitations of the current one (#2818).
@andrewdavidwong & @marmarek thank you. You gave me a lot of inputs!
Hello,
this is not a bug report but a heads up. I've read the guidelines and I couldn't find a better fitting way to report this case. Somehow the mailing list felt wrong.
I'm definitely a newbie in everything, therefore, hopefully, what I'm reporting here is totally irrelevant if not wrong.
I'm studying GPG and I was playing around with GPG conf.
Some guides I've stumbled upon are advising to add this GPG line to gpg.conf
because of this reported SHA1 collision.
After adding this line I noticed that I was unable to import the Qubes signing key
Notice the: gpg: Note: signatures using the SHA1 algorithm are rejected.
The key was not imported.
The only way I have found to import it was to use the
--allow-non-selfsigned-uid
option:
So I commented out the
weak-digest SHA1
line in my GPG conf and repeated the operation. It worked without problems.
Then I checked your key with this command:
According to RFC 4880, SHA1 is ID 2
which matches the line:
digest algo 2, begin of digest d7 b9
My limited knowledge doesn't help here; however, I interpret the above output in this way:
Do I get it right?
Do you think this can be an issue?
I hope I'm not wasting your precious and already limited time. Thank you very much for your exceptional work: words can't describe my appreciation.
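The report above and marmarek's reply both turn on reading the hash-algorithm octet of a version-4 signature packet (the "digest algo 2" that gpg --list-packets prints) and mapping it through the RFC 4880 table, which is also what a gpg.conf weak-digest entry checks before rejecting a self-signature. The following script, an added example that is not part of this issue, of GnuPG, or of Qubes, does that check on raw key material without gpg: it walks an OpenPGP packet stream (old- and new-format headers), reports the digest of every signature packet, and lists the ones a weak-digest policy for the named algorithms would reject. It goes slightly beyond the report in covering the full RFC 4880 hash table and new-format headers. The key bytes it inspects are constructed inline for the demonstration (a dummy RSA key with one SHA1 certification, as in the report, and one SHA256 certification); they are not the Qubes signing key, and the helper names (parse_packets, signature_digests, weak_signatures) are this example's own.

```python
"""Walk an OpenPGP (RFC 4880) packet stream, report the hash algorithm of
every version-4 signature packet and flag digests a gpg.conf 'weak-digest'
entry would reject.  Added example; the key bytes below are constructed
for this demonstration and are not the Qubes signing key."""
from __future__ import annotations
from dataclasses import dataclass

# RFC 4880 section 9.4: hash algorithm identifiers
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160",
              8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}


@dataclass
class Packet:
    tag: int
    body: bytes


def parse_packets(data: bytes) -> list[Packet]:
    """Split a binary OpenPGP stream into packets (RFC 4880 section 4.2).
    Supports old-format headers (1/2/4-octet and indeterminate lengths) and
    new-format headers (1/2/5-octet lengths); partial body lengths are
    rejected because exported keys never use them."""
    packets, i = [], 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError(f"invalid packet header at offset {i}")
        i += 1
        if ctb & 0x40:                      # new-format header
            tag = ctb & 0x3F
            first = data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                               # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:                  # indeterminate: rest of stream
                length = len(data) - i
            else:
                n = (1, 2, 4)[ltype]
                length = int.from_bytes(data[i:i + n], "big"); i += n
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError(f"truncated packet at offset {i}")
        packets.append(Packet(tag, body))
        i += length
    return packets


def signature_digests(data: bytes) -> list[tuple[int, str]]:
    """(hash algo id, name) for every signature packet (tag 2), v4 only.
    v4 body layout: version, signature type, public-key algo, hash algo, ..."""
    out = []
    for p in parse_packets(data):
        if p.tag != 2:
            continue
        if p.body[0] != 4:
            raise ValueError(f"unsupported signature version {p.body[0]}")
        algo = p.body[3]
        out.append((algo, HASH_ALGOS.get(algo, f"unknown({algo})")))
    return out


def weak_signatures(data: bytes, weak: tuple[str, ...] = ("SHA1", "MD5")) -> list[str]:
    """Digest names of signatures that 'weak-digest <name>' lines naming
    those algorithms would cause gpg to reject."""
    return [name for _, name in signature_digests(data) if name in weak]


# --- constructed sample key material (not a real key) ---------------------
def _old_header(tag: int, body: bytes) -> bytes:
    """Old-format header, one-octet body length (RFC 4880 section 4.2.1)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body


def _new_header(tag: int, body: bytes) -> bytes:
    """New-format header, one-octet body length (RFC 4880 section 4.2.2)."""
    return bytes([0xC0 | tag, len(body)]) + body


def _sig_packet(hash_algo: int) -> bytes:
    # v4, positive certification (0x13), RSA (1), hash algo, empty hashed and
    # unhashed subpacket areas, the two leading digest octets quoted in the
    # report (d7 b9), and a dummy one-octet MPI.  Only byte 3 matters here.
    body = bytes([4, 0x13, 1, hash_algo]) + b"\x00\x00\x00\x00" + b"\xd7\xb9" + b"\x00\x01\x01"
    return _old_header(2, body)


# public key packet (v4, created 1270124793 as in the report, RSA, dummy MPI),
# a user ID, a SHA1 self-signature and a second certification made with SHA256
SAMPLE_KEY = (
    _old_header(6, bytes([4]) + (1270124793).to_bytes(4, "big") + bytes([1]) + b"\x00\x01\x03")
    + _new_header(13, b"Example User <user@example.invalid>")
    + _sig_packet(2)
    + _sig_packet(8)
)

if __name__ == "__main__":
    for algo, name in signature_digests(SAMPLE_KEY):
        print(f"signature packet: digest algo {algo} ({name})")
    print("rejected under 'weak-digest SHA1':", weak_signatures(SAMPLE_KEY, ("SHA1",)))
```

To run it against real key material, feed parse_packets the bytes of a binary (dearmored) export; the script reads only the header fields and never the MPIs, so it reports what digests are in use but does not verify any signature.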