
Re: [openpgp] New fingerprint: to v5 or not to v5

On 9/17/2015 at 2:44 PM, "Werner Koch" <wk@xxxxxxxxx> wrote:

> Some people claim that a SHA-1 fingerprint might soon be problematic due
> to collision attacks. If we assume that this is indeed the case, the
> question is whether switching to SHA-256 for the very same key does
> actually help: The mix of different fingerprints for the same key will
> lead to the same confusion we have seen with X.509 and ssh. Further, if
> there is a need to switch to a stronger fingerprint format for the same
> key, should the user not also assume that the use of the key has already
> been compromised and it is time to create a new key?


If collision attacks become viable for SHA-1 fingerprints, then they would probably also become viable for subkeys as well, and it might be possible for an attacker to generate a subkey with a collision for the cross-certifying signature, and be able to graft a false subkey onto a master key with a SHA-1 signature, which would definitely be a key compromise.

So, yes, it would be reasonable to have a new V5 format for the new fingerprint.
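
A defender's check related to the SHA-1 subkey signature concern raised above, as an added example that is not part of the original thread: it walks an OpenPGP packet stream (RFC 4880 framing) and reports v4 subkey binding signatures (type 0x18) whose hash algorithm is SHA-1. The function names and the sample packets are constructed for illustration, and back-signatures embedded in signature subpackets are not inspected.

```python
SHA1 = 2             # hash algorithm ID for SHA-1 (RFC 4880, section 9.4)
SIGNATURE = 2        # packet tag of a signature packet
SUBKEY_BINDING = 0x18

def packets(data):
    """Yield (tag, body) per packet; definite lengths only."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            i += 1
            if first < 192:
                size = first
            elif first < 224:
                size = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                size = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body length not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = int.from_bytes(data[i:i + (1 << ltype)], "big")
            i += 1 << ltype
        if i + size > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + size]
        i += size

def sha1_subkey_bindings(data):
    """Return packet indexes of v4 subkey binding signatures hashed with SHA-1."""
    return [n for n, (tag, body) in enumerate(packets(data))
            if tag == SIGNATURE and len(body) >= 4 and body[0] == 4
            and body[1] == SUBKEY_BINDING and body[3] == SHA1]

# Constructed sample: header bytes follow the format, bodies are zero-padded stubs.
def pkt(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body

SAMPLE = (pkt(6, b"\x04" + bytes(5)) + pkt(14, b"\x04" + bytes(5))
          + pkt(2, bytes([4, 0x18, 1, 2]) + bytes(4))       # SHA-1 binding
          + pkt(14, b"\x04" + bytes(5))
          + bytes([0x88, 8, 4, 0x18, 1, 8]) + bytes(4))     # old format, SHA-256
```

On the constructed sample, `sha1_subkey_bindings(SAMPLE)` returns `[2]`: the third packet is the SHA-1 binding, while the SHA-256 binding in the old-format packet is not reported.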
