Preparing To Migrate Off of SHA-1 In OpenPGP
jamie found a note on debian-administration.org, the first in a promised series on migrating off of SHA-1 in OpenPGP. "Last week at eurocrypt, a small group of researchers announced a fairly serious attack against the SHA-1 digest algorithm, which is used in many cryptosystems, including OpenPGP. The general consensus is that we should be 'moving in an orderly fashion toward the theater exits,' deprecating SHA-1 where possible with an eye toward abandoning it soon (one point of reference: US govt. federal agencies have been directed to cease all reliance on SHA-1 by the end of 2010, and this directive was issued before the latest results). ... So what can you do to help facilitate the move away from SHA-1? I'll outline three steps that current gpg users can do today, and then I'll walk through how to do each one..."
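One concrete first step for the migration the summary talks about is finding out which digest your existing signatures actually use. The following is an added example, not code from the linked article or from GnuPG: it parses `gpg --list-packets` output (the sample below is constructed, with a made-up key ID) and flags signature packets whose digest algorithm is SHA-1 or MD5, using the hash algorithm identifiers from RFC 4880 section 9.4.

```python
"""Flag OpenPGP signatures made with SHA-1 from `gpg --list-packets` output."""
import re

# Hash algorithm identifiers from RFC 4880, section 9.4.
HASH_ALGOS = {
    1: "MD5",
    2: "SHA1",
    3: "RIPEMD160",
    8: "SHA256",
    9: "SHA384",
    10: "SHA512",
    11: "SHA224",
}

# Digests with published collision attacks: signatures made with these are
# the ones to re-issue.
DEPRECATED = {"MD5", "SHA1"}

# Constructed sample of `gpg --list-packets` output (key ID is fictitious):
# an old self-signature made with SHA-1 and a newer one made with SHA-256.
SAMPLE_LIST_PACKETS = """\
:public key packet:
\tversion 4, algo 17, created 1100000000, expires 0
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 17, keyid 0123456789ABCDEF
\tversion 4, created 1100000000, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest 01 02
:signature packet: algo 17, keyid 0123456789ABCDEF
\tversion 4, created 1242000000, md5len 0, sigclass 0x13
\tdigest algo 8, begin of digest 03 04
"""

SIG_START = re.compile(r":signature packet: algo (\d+), keyid ([0-9A-Fa-f]+)")


def parse_signatures(text):
    """Return one dict per signature packet: keyid, creation time, digest name."""
    sigs = []
    cur = None
    for line in text.splitlines():
        m = SIG_START.match(line)
        if m:
            cur = {"keyid": m.group(2), "created": None, "digest": None}
            sigs.append(cur)
            continue
        if line.startswith(":"):
            # Some other packet type started; its "created" field is not ours.
            cur = None
            continue
        if cur is None:
            continue
        m = re.search(r"\bcreated (\d+)", line)
        if m:
            cur["created"] = int(m.group(1))
        m = re.search(r"\bdigest algo (\d+)", line)
        if m:
            algo_id = int(m.group(1))
            cur["digest"] = HASH_ALGOS.get(algo_id, "unknown(%d)" % algo_id)
    return sigs


def weak_signatures(text):
    """Signatures that should be re-issued with a SHA-2 digest."""
    return [s for s in parse_signatures(text) if s["digest"] in DEPRECATED]


if __name__ == "__main__":
    # On a real system: gpg --export KEYID | gpg --list-packets > packets.txt
    for sig in weak_signatures(SAMPLE_LIST_PACKETS):
        print("keyid %s: signature from %d uses %s"
              % (sig["keyid"], sig["created"], sig["digest"]))
```

Once the SHA-1 signatures are identified, the standard GnuPG knobs for not making any more of them are `personal-digest-preferences` and `cert-digest-algo` in gpg.conf (set to a SHA-2 algorithm); those option names are GnuPG's own and are not quoted from the article.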
'moving in an orderly fashion toward the theater exits'
An elderly application was trampled to death today as everyone struggled to exit the Sha One theater after someone screamed that an unknown assailant had a knife. After the panic, there was no evidence of injuries from the alleged attack and police are still investigating the presence of an actual weapon.
My work here is dung.
Perfect security is not feasible. "Secure enough" changes over time.
Is there any hash function that actually is secure?
There are some for which no known attacks exist. SHA-256 and SHA-512, Whirlpool and Tiger are all pretty thoroughly-reviewed with no weaknesses uncovered. The NIST hash function competition is causing a great deal of new hash function research and we'll almost certainly get a bunch of great new hash functions out of it -- many of them not only secure, but significantly faster than SHA-1.
If you're thinking that "no known attacks" isn't good enough, keep in mind that's as good as it ever gets in cryptography, with the sole exception of the One Time Pad.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
That is not what secure means with regard to hash functions. Secure means that it is not feasible to construct a document which has the same hash value as a given document (pre-image attack) or to construct two documents which have the same hash value (collision attack). The complexity of these attacks is ideally such that simply enumerating documents is the fastest way (brute force). Reducing the number of documents which you have to try to find a match makes a successful attack more likely. The complexity which is deemed as breaking the hash function depends on the adversaries and time frames relevant to a particular application.
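The gap between the two attack costs in the comment above is easy to see on a truncated hash. The following is an added example, not from the thread: it uses the first n bits of SHA-256 as a toy n-bit hash and runs a birthday search for a collision (expected work about 2^(n/2)) next to a brute-force search for a second preimage of a given document (expected work about 2^n). With the same budget of roughly 65,000 hash evaluations it collides a 32-bit hash but only finds a second preimage for a 16-bit one. Candidate inputs are the constructed strings `msg-0`, `msg-1`, and so on.

```python
"""Collision search vs second-preimage search on a truncated SHA-256."""
import hashlib


def trunc_hash(data: bytes, bits: int) -> int:
    """Toy n-bit hash: the leading `bits` bits of SHA-256, as an integer."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def candidate(i: int) -> bytes:
    """Deterministic candidate documents, so runs are reproducible."""
    return b"msg-%d" % i


def find_collision(bits: int, limit: int):
    """Birthday search: remember every digest seen, stop at the first repeat.

    Returns (doc_a, doc_b, evaluations) or None if `limit` is exhausted.
    Expected evaluations: about 1.25 * 2**(bits / 2).
    """
    seen = {}
    for i in range(limit):
        m = candidate(i)
        h = trunc_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    return None


def find_second_preimage(target: bytes, bits: int, limit: int):
    """Brute force: enumerate documents until one matches the target's digest.

    Returns (doc, evaluations) or None. Expected evaluations: about 2**bits,
    since nothing better than enumeration is known for an ideal hash.
    """
    want = trunc_hash(target, bits)
    for i in range(limit):
        m = candidate(i)
        if m != target and trunc_hash(m, bits) == want:
            return m, i + 1
    return None


if __name__ == "__main__":
    a, b, n = find_collision(32, 2 ** 20)
    print("32-bit collision after %d evaluations: %r %r" % (n, a, b))
    doc, n = find_second_preimage(b"original-document", 16, 2 ** 22)
    print("16-bit second preimage after %d evaluations: %r" % (n, doc))
```

The point the comment makes is the last clause: what counts as "broken" depends on who is attacking and for how long. The SHA-1 result reduces the collision cost below the 2^80 that the birthday bound would give a 160-bit hash; it does not touch the 2^160 preimage cost, which is why signatures over documents an attacker could not influence are a different risk from certifications the attacker asked you to sign.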
Did no one really reply to this?
PGP is the original. Phil Zimmermann, export control, all the history.
OpenPGP is a specification for all input and output of a PGP system. RFC 4880. Diverges from PGP5.
GPG == GNUPG. A Free Software implementation of OpenPGP. Has now become the most commonly used OpenPGP implementation. Werner Koch is the project lead.
-molo
Using your sig line to advertise for friends is lame.