Message-ID: <bf56d9e046e229528284752103fd1c0e035e9717.camel@verbuecheln.ch>
Date: Mon, 05 Jan 2026 11:25:45 +0100
From: Stephan Verbücheln <stephan@...buecheln.ch>
To: oss-security@...ts.openwall.com
Subject: Re: Many vulnerabilities in GnuPG

On Tue, 2025-12-30 at 00:34 -0600, Jacob Bachmeyer wrote:
> I am not sure about that.  As I understand, OpenPGP (and Git, for 
> another example) only needs second preimage resistance, unlike X.509 
> which needs absolute collision resistance, and the closest attack on 
> SHA-1 is still only a chosen-prefix collision.
> 
> The SHA-1 sky has not fallen, yet.  It may be getting a bit creaky,
> but it is not falling.  :-)  (Yet...)  :-/

For certifications (aka key signatures), SHA-1 should be considered
insecure. An attacker could generate two identities with the same SHA-1
hash and then let people sign one of them.

Regards
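
A defender-side check for the concern raised in this message, as an added example that is not part of the original post or of GnuPG: it scans text in the layout `gpg --list-packets` prints and reports user ID certifications (signature classes 0x10 to 0x13) made with SHA-1 (digest algo 2), while ignoring other signature classes. The function name and the sample listing are constructed for illustration, and the listing layout is a debugging format that may differ between GnuPG releases.

```python
import re

SHA1 = 2                          # OpenPGP hash algorithm ID for SHA-1 (RFC 4880, 9.4)
CERT_CLASSES = range(0x10, 0x14)  # 0x10-0x13: certifications of a user ID
SIG_START = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]+)")
USER_ID = re.compile(r'^:user ID packet: "(.*)"')
SIGCLASS = re.compile(r"sigclass 0x([0-9A-Fa-f]{2})")
DIGEST = re.compile(r"digest algo (\d+)")

def find_sha1_certifications(listing):
    """Return (user_id, issuer_keyid) for each SHA-1 certification found."""
    findings, user_id, sig = [], None, None
    def flush():  # record the signature packet just finished, if it qualifies
        if sig and sig.get("class") in CERT_CLASSES and sig.get("digest") == SHA1:
            findings.append((user_id, sig["keyid"]))
    for line in listing.splitlines():
        if line.startswith(":"):  # every packet starts with a ":<type> packet:" line
            flush()
            sig = None
            if (m := USER_ID.match(line)):
                user_id = m.group(1)
            elif (m := SIG_START.match(line)):
                sig = {"keyid": m.group(1).upper()}
        elif sig is not None:     # indented detail lines of the current signature
            if (m := SIGCLASS.search(line)):
                sig["class"] = int(m.group(1), 16)
            if (m := DIGEST.search(line)):
                sig["digest"] = int(m.group(1))
    flush()
    return findings

# Constructed sample in the layout `gpg --list-packets` prints (not real key material).
SAMPLE = """\
:user ID packet: "Alice Example <alice@example.org>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1400000000, md5len 0, sigclass 0x13
    digest algo 8, begin of digest 12 34
:signature packet: algo 1, keyid BBBBBBBBBBBBBBBB
    version 4, created 1300000000, md5len 0, sigclass 0x10
    digest algo 2, begin of digest ab cd
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1400000000, md5len 0, sigclass 0x18
    digest algo 2, begin of digest 56 78
"""

if __name__ == "__main__":
    for uid, keyid in find_sha1_certifications(SAMPLE):
        print(f"SHA-1 certification on {uid!r} by key {keyid}")
```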
