Re: Many vulnerabilities in GnuPG

[Stephan Verbücheln <stephan () verbuecheln ch>]

On Tue, 2025-12-30 at 00:34 -0600, Jacob Bachmeyer wrote:
> I am not sure about that.  As I understand, OpenPGP (and Git, for 
> another example) only needs second preimage resistance, unlike X.509 
> which needs absolute collision resistance, and the closest attack on 
> SHA-1 is still only a chosen-prefix collision.
>
> The SHA-1 sky has not fallen, yet.  It may be getting a bit creaky,
> but it is not falling.  :-)  (Yet...)  :-/

For certifications (aka key signatures), SHA-1 should be considered
insecure. An attacker could generate two identities with the same SHA-1
hash and then let people sign one of them.

Regards

Attachment: signature.asc
Description: This is a digitally signed message part