2 thoughts on “SHA1 Collisions Get Cheaper”

  1. Incidentally, AFAIK all versions of GPG will accept SHA1 "subkey binding signatures", which means that one can inexpensively take a third party's public key and produce another, which contains an enemy-generated subkey in addition to your legitimate one, and will still emit "gpg: Good signature from "You foo@bar…" using RSA key ID yourgenuinekeyid" when a message signed with the glued-on subkey is run through gpg --verify. Such a diddled key will return "valid" on both genuine (signed by your genuine priv.) and enemy-generated sigs.

    The correct pill against this is to finally throw out the "subkeys" and "bindings" nonsense and distribute fixed-modulus public keys.
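As an added defensive example (not part of the comment above and not GnuPG's own code), the following Python script walks the packets of a binary, non-armored OpenPGP key per the RFC 4880 packet layout and reports every subkey binding signature (signature type 0x18) whose hash algorithm is MD5 or SHA1. A key owner or keyserver operator can run it over an exported key to see whether any subkey is bound by a signature that a collision attack could undermine. The function names (`iter_packets`, `parse_signature`, `weak_subkey_bindings`), the packet-building helpers and the sample key are assumptions constructed for this example; only the packet tags, signature-type and hash-algorithm numbers come from RFC 4880.

```python
"""Flag subkey binding signatures (sig type 0x18) that use MD5 or SHA1.

Parses a binary (non-armored) OpenPGP stream per RFC 4880 sections 4.2 and 5.2.
Added example, not GnuPG code; helper and function names are assumptions.
"""
import struct

SIG_TYPE_SUBKEY_BINDING = 0x18
# RFC 4880 section 9.4 hash algorithm IDs
HASH_NAMES = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {1, 2}


def iter_packets(data):
    """Yield (tag, body) for each packet; supports old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:  # new-format header (RFC 4880 4.2.2)
            tag = hdr & 0x3F
            b1 = data[i]
            i += 1
            if b1 < 192:
                length = b1
            elif b1 < 224:
                length = ((b1 - 192) << 8) + data[i] + 192
                i += 1
            elif b1 == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header (RFC 4880 4.2.1)
            tag = (hdr >> 2) & 0x0F
            ltype = hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        yield tag, data[i:i + length]
        i += length


def parse_signature(body):
    """Return (signature type, hash algorithm) from a v4 signature packet body (tag 2)."""
    if body[0] != 4:
        raise ValueError("only v4 signatures handled")
    return body[1], body[3]


def weak_subkey_bindings(keydata):
    """Hash names of every subkey binding signature in the key that uses MD5 or SHA1."""
    found = []
    for tag, body in iter_packets(keydata):
        if tag != 2:
            continue
        sig_type, hash_algo = parse_signature(body)
        if sig_type == SIG_TYPE_SUBKEY_BINDING and hash_algo in WEAK_HASHES:
            found.append(HASH_NAMES[hash_algo])
    return found


# --- constructed sample key (not a real key) -------------------------------
def old_packet(tag, body):
    """Old-format header with a one-octet length (constructed test data)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body


def new_packet(tag, body):
    """New-format header with a one-octet length, body < 192 bytes (constructed)."""
    return bytes([0xC0 | tag, len(body)]) + body


def fake_binding_sig(hash_algo):
    """v4 subkey-binding signature body: empty subpackets, dummy hash prefix and MPI."""
    return (bytes([4, SIG_TYPE_SUBKEY_BINDING, 1, hash_algo])
            + b"\x00\x00" + b"\x00\x00"   # hashed / unhashed subpacket lengths
            + b"\xAB\xCD"                 # left 16 bits of the hash (dummy)
            + b"\x00\x08\xFF")            # one 8-bit MPI (dummy)


SAMPLE_KEY = (
    old_packet(6, b"\x04" + b"\x00" * 5)        # primary public key (dummy body)
    + new_packet(14, b"\x04" + b"\x00" * 5)     # subkey 1
    + new_packet(2, fake_binding_sig(10))       # bound with SHA512
    + new_packet(14, b"\x04" + b"\x00" * 5)     # subkey 2
    + new_packet(2, fake_binding_sig(2))        # bound with SHA1: the case the comment warns about
)

if __name__ == "__main__":
    print("weak subkey bindings:", weak_subkey_bindings(SAMPLE_KEY))
```

To check a real key, export it in binary form (`gpg --export KEYID > key.bin`) and pass the file contents to `weak_subkey_bindings`; the parser rejects partial-body and indeterminate lengths rather than guessing, so a key using them raises instead of being silently skipped.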
