This is the mail archive of the mailing list for the binutils project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Release Signing Keys are Susceptible to Attack

On Thu, Aug 17, 2017 at 4:23 AM, R0b0t1 <> wrote:
> After downloading and verifying the releases on
>, I found that the maintainers used 1024 bit DSA
> keys with SHA1 content digests. 1024 bit keys are considered to be
> susceptible to realistic attacks, and SHA1 has been considered broken
> for some time.
>, p17
> SHA1 is weak enough that a team of researchers was able to mount a
> realistic attack at no great cost.

It looks like gpg2 uses SHA1 as digest algorithm by default.  I use
a 2048bit RSA for signing, that should be ok, no?

I suggest to report the issue to gnupg upstream (I'm using 2.0.24
with libgcrypt version 1.6.1).  It looks like the OpenPGP standard
mandates SHA1 here and using --digest-algo is stronly advised
against for interoperability reasons.


> As compilers and their utilities are a high value target I would
> appreciate it if the maintainers move to more secure verification
> schemes.
> Respectfully,
>      R0b0t1.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]