On Wed, 9 Oct 2013 01:09, sanv...@unex.es said:

> Sorry but I'm not a cryptographer. Do you mean that as far as there is
> not a known exploit, there is nothing to worry about?

No. A threat model is used to answer several questions, for example: "What do you want to protect against?" In this case you would for example need to evaluate whether a collision attack on the hash is part of the threat model: such an attack can only be mounted by the owner of the signing key (the signing party) - but the owner could also create two signatures on different files. So, this does not matter.

BTW, a second pre-image attack (finding data which yields the same hash value as a specific given data) is way more complex than a collision attack. There are not even signs of how that can be done with SHA1. Actually it is not even known how to do a collision attack on SHA1 - but granted, we expect that this may happen in the next few years.

> There is a preference list for digests that I can set in my key and
> publish on the keyservers, but apparently there is not a preference
> list for the digest algorithm used in key signing (I naively thought

David already explained that. The hash preferences work only in a special case - usually there is no way for a verifying party to tell the signing party what algorithm to use. There is one signing party but often hundreds or more of verifying parties. Thus it is better to agree on a widely deployed standard.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
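As an added illustration of the cost gap Werner describes (this is not code from the original thread), the two searches below run against SHA-1 truncated to a toy 16-bit output: a birthday collision, where the attacker chooses both messages, needs on the order of 2**8 hashes, while a second preimage of a fixed, already-signed message needs on the order of 2**16. The truncation width and the message labels are constructed for the demo.

```python
import hashlib


def truncated_sha1(data: bytes, bits: int) -> int:
    """SHA-1 reduced to its top `bits` bits: a toy hash so both searches finish quickly."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def find_collision(bits: int = 16):
    """Birthday (collision) search: find ANY two distinct messages with equal hash.
    The attacker controls both messages, which is why only the signing party
    can exploit this against its own signatures; expected cost ~ 2**(bits/2)."""
    seen = {}
    for i in range(2 ** bits + 1):          # pigeonhole guarantees a hit in this range
        msg = b"doc-%d" % i                 # constructed candidate message
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1       # (first msg, second msg, hashes computed)
        seen[h] = msg
    raise AssertionError("unreachable: pigeonhole principle")


def find_second_preimage(target: bytes, bits: int = 16):
    """Second-preimage search: the target is FIXED (a file someone else signed),
    so only the candidate varies; expected cost ~ 2**bits, the square of the above."""
    want = truncated_sha1(target, bits)
    i = 0
    while True:
        msg = b"forged-%d" % i              # constructed candidate message
        i += 1
        if msg != target and truncated_sha1(msg, bits) == want:
            return msg, i                    # (colliding msg, hashes computed)


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    print("collision after %d hashes: %r and %r" % (n_coll, a, b))
    target = b"signed-release.tar.gz"        # constructed stand-in for a signed file
    forged, n_pre = find_second_preimage(target)
    print("second preimage of %r after %d hashes: %r" % (target, n_pre, forged))
```

Re-run with bits=20 to watch the second-preimage cost grow 16-fold while the collision cost only quadruples.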