Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures Thu, 23 January 2020 23:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5FCCC1200BA for <>; Thu, 23 Jan 2020 15:08:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zdkxr6Q607VV for <>; Thu, 23 Jan 2020 15:08:12 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F2E5312008A for <>; Thu, 23 Jan 2020 15:08:11 -0800 (PST)
Received: from (localhost []) by (Postfix) with SMTP id 4BCD6202AC for <>; Thu, 23 Jan 2020 23:08:11 +0000 (UTC)
X-hush-tls-connected: 1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed;; h=date:to:subject:from; s=hush; bh=YqvxG0Du+o8YA1gfMKeM8Ea5pmjDgkc7ZC48tr58ZC4=; b=OXRtWomSx0v8nMiRadj9M25wUa7Oe3T8Z/XsXJlZEU8HUdHrLUo+u9t4gZCMFraAnxMvp7iqXou/DNgXR34SzdqLI5pPNpsRWSboMC51FQL96lN7Vb/xLWvhNsj3MTbNWykzdU61yqXwxUZ0HE90Nh8FuYhDwXSiUMz2WCAETrJHWdn5l3YzGUMyZfd7jXGoJ5XtgGvudl9sO6aakfnWWOJ5siWeC+350+dHKsuH6R67esdBesRe2MI6a4YGJ5IBSUSx6KiTAN/lJ3zaAs2uDXI0eExecnYBXBuIWUCrDOrjAdgrVU877X/baEXNwwigFho9PVwzsYlXHHHIA6h7TA==
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS; Thu, 23 Jan 2020 23:08:10 +0000 (UTC)
Received: by (Postfix, from userid 99) id D979DC0640; Thu, 23 Jan 2020 23:08:10 +0000 (UTC)
MIME-Version: 1.0
Date: Thu, 23 Jan 2020 18:08:10 -0500
To: "Kai Engert" <>,
In-Reply-To: <>
References: <> <>
Content-Type: multipart/alternative; boundary="=_8d7721bce9998859d68dd6e9f790c56a"
Message-Id: <>
Archived-At: <>
Subject: Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 23 Jan 2020 23:08:13 -0000

On 1/23/2020 at 5:57 PM, "Kai Engert"  wrote:On 22.01.20 15:31, Marcus
Brinkmann wrote:
> * The authors could have easily created colliding public keys with
> identical (160 bit SHA-1) fingerprints, at the cost of 45k USD.
> Although I don't know about any attack made possible by owning such
> pair of keys, the pure existence of a fingerprint collision could
> problems in some appliations, triggering potential bugs in code that
> assumes fingerprints can never be identical.

Does this mean, anyone can create a key pair that has the same 
fingerprint as I have on my business card, by spending that amount of

I have not checked the original paper, but I *think* they were talking
about making a key collision, 
with a given 160 bit SHA-1 fingerprint,
but *without* the same name, and e-mail address,
which would be much less of a practical threat.

Anybody, please correct, if I am wrong, and they did include the name
and e-mail in the proposal for a successful collision.