Re: [openpgp] Fingerprints

Werner Koch <wk@gnupg.org> Wed, 06 May 2015 10:56 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/t9HLSO7wGuOQSXN9VqZXyViCGXk>

On Wed,  6 May 2015 09:16, look@my.amazin.horse said:

> There is such a thing as over-engineering, and increasing a fingerprint
> bit length upwards of 160 bits "just because we can" seems to go in that

We also need to consider policy requirements.  As Phillip already
mentioned, it is hard to explain why SHA-1 is sufficient.  In particular
because we use it in a crypto context.  It seems to be hard enough to
explain why using SHA-1 would be sufficient to map a string to a
restricted character set (for DNS) even without any crypto context.

For example: Red Hat did a FIPS-140 validation of Libgcrypt and this
required that RMD-160 is disabled in Libgcrypt.  Now, for historic
reasons GnuPG uses this hash algorithm to map user ids to fixed length
strings for use in trustdb.gpg.  With the Libgcrypt change I had to put
separate RMD-160 code into GnuPG to avoid regressions (only Libgcrypt
was validated).  Eventually the same will happen to SHA-1.

To be future proof we should get away from SHA-1 for fingerprints and
use SHA-256 (or SHA-512) instead.  The external representation and even
the internal use in OpenPGP is a different issue and I am all in favor
of truncating it to 32 bytes for internal use and printing only up to
20 bytes.  This avoids extra work and SHA-256 is anyway required.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.