Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures

Kai Engert <kaie@kuix.de> Thu, 23 January 2020 22:56 UTC

Return-Path: <kaie@kuix.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74E96120105 for <openpgp@ietfa.amsl.com>; Thu, 23 Jan 2020 14:56:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.101
X-Spam-Level:
X-Spam-Status: No, score=-0.101 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kuix.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AvPIazQKAkk9 for <openpgp@ietfa.amsl.com>; Thu, 23 Jan 2020 14:56:43 -0800 (PST)
Received: from cloud.kuix.de (cloud.kuix.de [93.90.207.85]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7265A1200F3 for <openpgp@ietf.org>; Thu, 23 Jan 2020 14:56:43 -0800 (PST)
Received: from [10.137.0.12] (ip-95-223-75-131.hsi16.unitymediagroup.de [95.223.75.131]) by cloud.kuix.de (Postfix) with ESMTPSA id B0ED2185129; Thu, 23 Jan 2020 22:56:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kuix.de; s=2018; t=1579820200; bh=FpfI+nKsGTEh6LXiEqxwMgw/tBBApiAwxKWoOILkym8=; h=To:References:From:Subject:Date:In-Reply-To:From; b=bq0RTT5idVmw9bNRKY/HIz/iZe9KdgJccu1WwYBGIrNcMFTp79uwBKkh5csEtX65K afIKZpLh72MbdCgyqTbmN8sf1zM7TbKfQZ7Kz253oZqKTxiRpNzcBMRMTbh2ICBjaf 3CPl1NtW/D/innB9wYDyCcs8Olwq/1d844HiaaKFZnWCv1Pt3F5dJebP5zBXlrDH41 NuNVL+GXH80LXZSYkCe1Yz7wzwmV/BiCY66I+uzyMqro56t+c3cpkJ4Y+h9BfnsXWh LMVN8xREq9m0o2ynmDbH5/woZl+f6xQHW/mVd1fb2aOdn2QOM4f8O5J1TM2Qc5pi1a iyKT+PT5NtNNQ==
To: Marcus Brinkmann <marcus.brinkmann=40rub.de@dmarc.ietf.org>, openpgp@ietf.org
References: <d8321b24-8836-2702-6b01-242b4cab932f@rub.de>
From: Kai Engert <kaie@kuix.de>
Message-ID: <e4dc8c25-2282-17a8-7e64-cee55f43be84@kuix.de>
Date: Thu, 23 Jan 2020 23:56:39 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Thunderbird/68.4.2
MIME-Version: 1.0
In-Reply-To: <d8321b24-8836-2702-6b01-242b4cab932f@rub.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/jRZIRrK4hwg3_oDM7HkOYnWDxwI>
Subject: Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 22:56:46 -0000

On 22.01.20 15:31, Marcus Brinkmann wrote:
> * The authors could have easily created colliding public keys with
> identical (160 bit SHA-1) fingerprints, at the cost of 45k USD.
> Although I don't know about any attack made possible by owning such a
> pair of keys, the pure existence of a fingerprint collision could cause
> problems in some appliations, triggering potential bugs in code that
> assumes fingerprints can never be identical.

Does this mean, anyone can create a key pair that has the same 
fingerprint as I have on my business card, by spending that amount of money?

Does this mean, comparing a 20 bytes (40 hex digits) fingerprint, as 
printed by e.g. GnuPG 2.2.x, is no longer a reliable way to verify you 
have obtained the correct key?

Thanks
Kai