This is the mail archive of the gdb@sourceware.org mailing list for the GDB project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Release Signing Keys are Susceptible to Attack


On Thu, Aug 17, 2017 at 4:23 AM, R0b0t1 <r030t1@gmail.com> wrote:
> After downloading and verifying the releases on
> ftp://ftp.gnu.org/gnu/, I found that the maintainers used 1024 bit DSA
> keys with SHA1 content digests. 1024 bit keys are considered to be
> susceptible to realistic attacks, and SHA1 has been considered broken
> for some time.
>
> http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf, p17
> https://shattered.io/
>
> SHA1 is weak enough that a team of researchers was able to mount a
> realistic attack at no great cost.

It looks like gpg2 uses SHA1 as digest algorithm by default.  I use
a 2048bit RSA for signing, that should be ok, no?

I suggest to report the issue to gnupg upstream (I'm using 2.0.24
with libgcrypt version 1.6.1).  It looks like the OpenPGP standard
mandates SHA1 here and using --digest-algo is stronly advised
against for interoperability reasons.

Richard.

> As compilers and their utilities are a high value target I would
> appreciate it if the maintainers move to more secure verification
> schemes.
>
> Respectfully,
>      R0b0t1.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]