Re: [openpgp] SHA1 collision found
vedaal@nym.hush.com Fri, 24 February 2017 15:15 UTC
To: sivmu@web.de, gnupg-users@gnupg.org, openpgp <openpgp@ietf.org>
From: vedaal@nym.hush.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/SlBAy9cX67m907tcUzH7N8hcG2Y>
On 2/23/2017 at 4:52 PM, sivmu@web.de wrote:

> ... Not sure about you but I am not able to see the difference between a valid pgp key and "gibberish" ;) ...

=====

In the example of the 2 pdf's, they started with one pdf, made another pdf, then ran multiple (more than billions of) trials of adding a string to the second pdf so that it hashes to the first.

With regard to generating a new key that hashes to a known specific key, the forger must do 2 things simultaneously:

[1] generating new key material
[2] seeing that the hashed fingerprint of the new key matches that of the first key

The forger does not start with a newly generated key and add material so that the hash would match the first key (the case of the pdf's). If that were the case, then the key system would be broken now for the SHA1 hash.

Even for v3 keys, which were not SHA1 hashed, the only way to generate a new key with the same fingerprint would be to allow the key size to vary (usually to a bizarre key size that would be quite suspect, and not believed).

Now, for a V4 key with an SHA1 hash, and a further restriction that the forged key size be the same as the first key, this is not known to be doable today, even with the google cloud computer sharing efforts and the breakthrough of finding pdf's with the same hash.

Again, I fully support moving to a secure hash, but I do think that users have more than enough time until the open-pgp group issues the official standard.

vedaal
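Added example, not from the mail above or from any OpenPGP implementation: it computes v3 and v4 fingerprints over constructed RSA key material following RFC 4880 section 12.2, to show why the v3 fingerprint lets the key size vary (the MPI lengths are not hashed) while the v4 fingerprint covers the packet length, creation time, algorithm and every MPI bit count. SAMPLE_N, SAMPLE_E and SAMPLE_CREATED are constructed values, not a real key.

```python
import hashlib
import struct

# Constructed, illustrative RSA public key material (not a real key): a
# 1024-bit modulus-shaped integer and the usual exponent 65537.
SAMPLE_N = (1 << 1023) | 0x123456789ABCDEF1
SAMPLE_E = 65537
SAMPLE_CREATED = 1487949323  # arbitrary 4-byte creation time (seconds since epoch)


def mpi(value: int) -> bytes:
    """OpenPGP MPI: two-byte bit count followed by the big-endian magnitude."""
    nbits = value.bit_length()
    return struct.pack(">H", nbits) + value.to_bytes((nbits + 7) // 8, "big")


def v4_public_key_body(n: int, e: int, created: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880 section 5.5.2):
    version 4, 4-byte creation time, algorithm 1 (RSA), MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(n: int, e: int, created: int) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the two-byte body length, then the body.
    Version, time, algorithm and every MPI bit count are all under the hash."""
    body = v4_public_key_body(n, e, created)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def v3_fingerprint(n: int, e: int) -> str:
    """RFC 4880 12.2 for v3 keys: MD5 over the MPI bodies of n and e WITHOUT
    their length prefixes, so the hash input never records where n ends."""
    return hashlib.md5(mpi(n)[2:] + mpi(e)[2:]).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """A v4 key ID is the low-order 64 bits (last 16 hex digits) of the fingerprint."""
    return fingerprint[-16:]


def shifted_split(n: int, e: int) -> tuple:
    """Move the first two bytes of e onto the end of n (valid for e = 65537, whose
    last byte is non-zero). The byte string hashed for a v3 fingerprint is unchanged,
    but n is now 16 bits longer and e is a different value: the 'bizarre key size'
    the mail refers to. The v4 input changes because the MPI bit counts change."""
    n_bytes, e_bytes = mpi(n)[2:], mpi(e)[2:]
    joined = n_bytes + e_bytes
    n2 = int.from_bytes(joined[:len(n_bytes) + 2], "big")
    e2 = int.from_bytes(joined[len(n_bytes) + 2:], "big")
    return n2, e2
```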