Find the answer to your Linux question:
Results 1 to 2 of 2
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Question OpenPGP - MDC Packet - SHA1

    OpenPGP Standard RFC 4880 (Not Totally a Linux Question, but as I may be using GnuPG on Linux... I will ask anyhow

    The Modification Detection Code Packet is defined to use SHA-1, even though it does state in section 13.11. that this can be altered, and gives example methods. However this would cause interoperability, (q1)so I assume there is no standard method of doing this??

    (q2)How much of a threat do you believe this to be? Even though the SHA-1 hash is encrypted within the symmetrically encrypted integrity protected data packet.



  2. #2
    Linux Engineer psic's Avatar
    Join Date
    Nov 2004
    Ljubljana, Slovenia
    I don't know about your first question (though I would say your assumption is correct), but as for the second, according to Wikipedia (which quotes Bruce Shneier, who is quite a security guru):

    Quote Originally Posted by Wikipedia
    SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely-used security applications and protocols. In 2005, security flaws were identified in SHA-1, namely that a mathematical weakness might exist, indicating that a stronger hash function would be desirable.
    I use GnuPG myself (just for email for now, with the Claws email client), but I really can't imagine having any information which would be worth enough for someone to take the time and try to crack the encryption. So no, I don't see this as a problem.

    ps. though IANAM - I am not a mathematician
    Stumbling around the 'net:

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts