[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GPG Workshop during DebCamp

Hi,

On Fri, 2024-07-26 at 14:08 +0900, Justus Winter wrote:
> In the OpenPGP ecosystem, we have seen that people think that if GnuPG
> accepts an artifact, then it must be okay to emit such an artifact.  As
> you can see [0], GnuPG still accepts SHA1-based signatures.  And, we
> have seen big players [1][2] use SHA-1 in their signing keys.
> 
> 0: https://tests.sequoia-pgp.org/#Signature_over_the_shattered_collision
> 1: https://github.com/microsoft/linux-package-repositories/issues/47
> 2: https://bugzilla.redhat.com/show_bug.cgi?id=2170878#c19
> 
> We considerably improved the situation by rejecting these signatures,
> even though that caused a considerable amount of pain in the short term.

Recently on debian-vote@ it was pointed out repeatedly that SHA-1 is
still a perfectly secure hash algorithm for many applications (probably
just as MD5).

If Debian already relies on SHA-1 to be a cryptographic strong hash,
there is probably no reason to not accept SHA-1 signatures nor for
hashes other than SHA-1 in Packages/Sources indices (or even just MD5
to save space).

Currently dak already has code to reject SHA-1 signatures, but maybe we
should also remove that given SHA-1-based signatures are trusted by
other parts as well.

Ansgar
Reply to: