Discussion:
Verifying a signature with SHA512 digest
Bob Jonkman
2014-02-18 05:25:12 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi all: I've just set GnuPG's message digest to use SHA512 for outbound
mail signatures. The GnuPG man pages tell me that anything more than
SHA1 may not be compatible with some PGP implementations, but the
rest of the Internets tell me that SHA1 is vulnerable to attack.

My messages are being verified OK by people with GnuPG, but I'm curious
if PGP users can verify the signature on this message. And especially
let me know if it doesn't.

For those interested, I added the line

digest-algo sha512

to my ~/.gnupg/gpg.conf file, so it affects all GnuPG applications. I
could have done it only for e-mail by putting "--digest-algo sha512"
in Thunderbird Enigmail's "OpenPGP, Preferences, Advanced, Additional
parameters for GnuPG" field.


Thanx,
- --Bob.


- --

Bob Jonkman <***@sobac.com> Phone: +1-519-669-0388
SOBAC Microcomputer Services http://sobac.com/sobac/
http://bob.jonkman.ca/blogs/ http://sn.jonkman.ca/bobjonkman/
Software --- Office & Business Automation --- Consulting
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEAREKAAYFAlMC7rUACgkQuRKJsNLM5eqHzwCeLfAs2FFsYduwtiEQsAvMWUVm
3HgAoMQ2QS/71O/Egtd2zNJCgnLoi/u2
=bW73
-----END PGP SIGNATURE-----


------------------------------------

______________________________________________________________
Archives: http://groups.yahoo.com/group/PGP-Basics/messages
OT List: http://groups.yahoo.com/group/PGP-Basics-OT
OT Subscribe: mailto:PGP-Basics-OT-***@yahoogroups.com
Gossamer Spider Web of Trust http://www.gswot.org

Yahoo Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/PGP-Basics/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/PGP-Basics/join
(Yahoo! ID required)

<*> To change settings via email:
PGP-Basics-***@yahoogroups.com
PGP-Basics-***@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
PGP-Basics-***@yahoogroups.com

<*> Your use of Yahoo Groups is subject to:
http://info.yahoo.com/legal/us/yahoo/utos/terms/
Robert J. Hansen
2014-02-18 05:59:54 UTC
Post by Bob Jonkman
> SHA1 may not be compatible with some PGP implementations, but the
> rest of the Internets tell me that SHA1 is vulnerable to attack.

The rest of the internet is wrong. The only published attack against
SHA-1 so far allows people to produce two random strings -- stuff that
looks like line noise -- which hash out the same.

At present there is no risk to using SHA-1. We definitely want to
migrate away from it, because attacks only ever get better over time and
never worse. But for right now, there's no reason to panic.

Post by Bob Jonkman
> My messages are being verified OK by people with GnuPG, but I'm curious
> if PGP users can verify the signature on this message. And especially
> let me know if it doesn't.

Anyone using a recent PGP will be able to.

Post by Bob Jonkman
> digest-algo sha512

Please please please don't do this. Instead, use:

personal-digest-preference SHA512 SHA256

digest-algo should pretty much never be used.


Bob Jonkman
2014-02-18 06:03:26 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Post by Robert J. Hansen
> Post by Bob Jonkman
> > digest-algo sha512
> personal-digest-preference SHA512 SHA256
> digest-algo should pretty much never be used.

OK, easy to fix. But why?

- --Bob.
Post by Robert J. Hansen
> Post by Bob Jonkman
> > SHA1 may not be compatible with some PGP implementations, but
> > the rest of the Internets tell me that SHA1 is vulnerable to
> > attack.
> The rest of the internet is wrong. The only published attack
> against SHA-1 so far allows people to produce two random strings --
> stuff that looks like line noise -- which hash out the same.
> At present there is no risk to using SHA-1. We definitely want to
> migrate away from it, because attacks only ever get better over
> time and never worse. But for right now, there's no reason to
> panic.
> Post by Bob Jonkman
> > My messages are being verified OK by people with GnuPG, but I'm
> > curious if PGP users can verify the signature on this message.
> > And especially let me know if it doesn't.
> Anyone using a recent PGP will be able to.
> Post by Bob Jonkman
> > digest-algo sha512
> personal-digest-preference SHA512 SHA256
> digest-algo should pretty much never be used.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEAREKAAYFAlMC96wACgkQuRKJsNLM5erxdACcCTODke1sEo5VkMUbEqHWgGj5
+akAoJFgMMdPfaZIvsbPb6qEj63cN2KX
=5y2I
-----END PGP SIGNATURE-----


Robert J. Hansen
2014-02-18 06:08:10 UTC
Post by Bob Jonkman
> Post by Robert J. Hansen
> > digest-algo should pretty much never be used.
> OK, easy to fix. But why?

digest-algo says "use SHA512, period, even if it breaks compatibility or
results in something that's not conformant to the RFC."

personal-digest-preferences says "I prefer to use SHA512. If the other
person's public key indicates they can't read SHA512, then use SHA256
instead."



Bob Jonkman
2014-02-18 17:53:33 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Robert J. Hansen
> personal-digest-preferences says "I prefer to use SHA512. If the
> other person's public key indicates they can't read SHA512, then
> use SHA256 instead."

Makes sense.

Now that I've put in "personal-digest-preferences sha512 sha256" my
clear-signed messages still use SHA1. I wonder why?

But based on your earlier advice I probably shouldn't worry about SHA1.

- --Bob.
Post by Robert J. Hansen
> Post by Bob Jonkman
> > Post by Robert J. Hansen
> > > digest-algo should pretty much never be used.
> > OK, easy to fix. But why?
> digest-algo says "use SHA512, period, even if it breaks
> compatibility or results in something that's not conformant to the
> RFC."
> personal-digest-preferences says "I prefer to use SHA512. If the
> other person's public key indicates they can't read SHA512, then
> use SHA256 instead."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEARECAAYFAlMDnhsACgkQuRKJsNLM5er2EgCg+2kBSZXTjuw0V/n+r0Wbkj3q
XwAAoLJoCBrbV3cjSrhHJWpTkPo4c1AW
=vsuy
-----END PGP SIGNATURE-----


Robert J. Hansen
2014-02-18 19:32:20 UTC
Post by Bob Jonkman
> Now that I've put in "personal-digest-preferences sha512 sha256" my
> clear-signed messages still use SHA1. I wonder why?

Your signing key is 1024-bit DSA, which requires the use of a 160-bit
hash. (The newer DSA2 standard allows you to use a larger hash and have
it be truncated down to 160 bits.)

Try putting "enable-dsa2" in your gpg.conf file; that should enable you
to use SHA512 or SHA256. But note, please, you'll only get 160 bits of
hash out of it.

Alternately, add "RIPEMD160" to the end of your
personal-digest-preferences, and you'll use RIPE's MD160 hash algorithm
in lieu of SHA1. This 160-bit hash algorithm may be used with
old-school DSA.

Finally, although I am not particularly worried about SHA-1, the
long-term prospects of 1024-bit DSA are really quite dismal. I would
strongly suggest generating a new 2048-bit DSA2 or RSA key, which should
be safe for about the next 15 years.
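
[Added example, not part of the original thread and not GnuPG's own code.] The selection rules discussed in this thread (digest-algo as an unconditional override, personal-digest-preferences filtered by the recipient's key, and the 160-bit limit of a 1024-bit DSA key with and without enable-dsa2) can be modelled as below. The function and parameter names are hypothetical, and the SHA1 fallback is an assumption taken from the behaviour reported in the thread.

```python
import hashlib

# Digest sizes in bits for the algorithms named in the thread.
DIGEST_BITS = {"SHA1": 160, "RIPEMD160": 160, "SHA256": 256, "SHA512": 512}


def choose_digest(personal_prefs, q_bits=None, enable_dsa2=False,
                  recipient_prefs=None, digest_algo=None):
    """Simplified model of the rules described above; not GnuPG source.

    q_bits: DSA subgroup size (160 for a 1024-bit DSA key), None for RSA.
    recipient_prefs: digests listed on the recipient's key, None if unknown.
    """
    if digest_algo:
        # digest-algo: used unconditionally, no compatibility checks.
        return digest_algo.upper()
    for name in (p.upper() for p in personal_prefs):
        bits = DIGEST_BITS[name]
        if recipient_prefs is not None and name not in recipient_prefs:
            continue  # recipient's key does not advertise this digest
        if q_bits is not None:
            if bits < q_bits:
                continue  # a hash shorter than q is never acceptable
            if q_bits == 160 and not enable_dsa2 and bits != 160:
                continue  # old-school DSA: exactly a 160-bit hash
        return name
    return "SHA1"  # assumed fallback: nothing in the preference list fits


def dsa_hash_input(message, digest_name, q_bits):
    """Bytes DSA2 actually signs: the leftmost q_bits of the digest."""
    full = hashlib.new(digest_name.lower(), message).digest()
    return full[: q_bits // 8]
```

With the preference list "sha512 sha256" and q_bits=160, the model returns SHA1 unless enable_dsa2 is set or RIPEMD160 is appended, and dsa_hash_input shows that a SHA512 digest under DSA2 contributes only its first 20 bytes.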


