Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures

Kai Engert <> Thu, 23 January 2020 22:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 74E96120105 for <>; Thu, 23 Jan 2020 14:56:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id AvPIazQKAkk9 for <>; Thu, 23 Jan 2020 14:56:43 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 7265A1200F3 for <>; Thu, 23 Jan 2020 14:56:43 -0800 (PST)
Received: from [] ( []) by (Postfix) with ESMTPSA id B0ED2185129; Thu, 23 Jan 2020 22:56:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=2018; t=1579820200; bh=FpfI+nKsGTEh6LXiEqxwMgw/tBBApiAwxKWoOILkym8=; h=To:References:From:Subject:Date:In-Reply-To:From; b=bq0RTT5idVmw9bNRKY/HIz/iZe9KdgJccu1WwYBGIrNcMFTp79uwBKkh5csEtX65K afIKZpLh72MbdCgyqTbmN8sf1zM7TbKfQZ7Kz253oZqKTxiRpNzcBMRMTbh2ICBjaf 3CPl1NtW/D/innB9wYDyCcs8Olwq/1d844HiaaKFZnWCv1Pt3F5dJebP5zBXlrDH41 NuNVL+GXH80LXZSYkCe1Yz7wzwmV/BiCY66I+uzyMqro56t+c3cpkJ4Y+h9BfnsXWh LMVN8xREq9m0o2ynmDbH5/woZl+f6xQHW/mVd1fb2aOdn2QOM4f8O5J1TM2Qc5pi1a iyKT+PT5NtNNQ==
To: Marcus Brinkmann <>,
References: <>
From: Kai Engert <>
Message-ID: <>
Date: Thu, 23 Jan 2020 23:56:39 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Thunderbird/68.4.2
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 23 Jan 2020 22:56:46 -0000

On 22.01.20 15:31, Marcus Brinkmann wrote:
> * The authors could have easily created colliding public keys with
> identical (160 bit SHA-1) fingerprints, at the cost of 45k USD.
> Although I don't know about any attack made possible by owning such a
> pair of keys, the pure existence of a fingerprint collision could cause
> problems in some appliations, triggering potential bugs in code that
> assumes fingerprints can never be identical.

Does this mean, anyone can create a key pair that has the same 
fingerprint as I have on my business card, by spending that amount of money?

Does this mean, comparing a 20 bytes (40 hex digits) fingerprint, as 
printed by e.g. GnuPG 2.2.x, is no longer a reliable way to verify you 
have obtained the correct key?