FTR, this issue has been resolved. Somehow ntpsec got lost
during the upgrade from Bookworm to Trixie. With ntpsec
back in place the warnings are gone.

Regards
Harri

________________________________________
From: Jeffrey Walton <noloa...@gmail.com>
Sent: Monday, June 2, 2025 23:13
To: Darac Marjal
Cc: debian-user@lists.debian.org
Subject: Re: apt: WTH is a "second pre-image resistance"?

On Mon, Jun 2, 2025 at 5:05 PM Darac Marjal <mailingl...@darac.org.uk> wrote:
>
>
> On 02/06/2025 12:49, Harald Dunkel wrote:
> > Hi folks,
> >
> > trying Trixie "apt update" shows a warning about my local repo
> > (managed by reprepro on Bookworm) I don't know how to handle:
> >
> > Warning: http://debian.example.com/debian/dists/trixie-backports/InRelease: Policy will reject signature within a year, see --audit for details
> > Audit: http://debian.example.com/debian/dists/trixie-backports/InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is:
> >     Signing key on xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx is not bound:
> >                No binding signature at time 2025-06-02T09:32:30Z
> >       because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
> >       because: SHA1 is not considered secure since 2026-02-01T00:00:00Z
> >
> >
> > I know that SHA1 is not secure, but what is this resistance error message
> > trying to tell me? InRelease is signed by an RSA4096 key. Digest is SHA512.
> > I also have a revocation key for the signing key.
> >
> > ???
>
> https://stackoverflow.com/questions/28378326/difference-between-preimage-resistance-and-second-preimage-resistance
> appears to be a decent primer on the topic.
>
> Pre-Image resistance prevents you finding the original input for a given
> hash. But DEBs are, generally, publicly available, so we're not really
> interested in _reversing_ the hash per se.
>
> Second pre-image resistance prevents you finding ANOTHER input which
> matches the hash.
>
> apt version 3.0.1 lists some of the types which have been deprecated.

For completeness, Marc Stevens' work on HashClash is relevant,
<https://marc-stevens.nl/research/hashclash/>.

The security level remaining in SHA-1 is around 2^63, which is well
below the theoretical level of 2^80. If collision resistance is a
required property, then the SHA-2 family should be used. SHA-1 is still OK
for other uses, like entropy extraction.

Jeff
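
The audit output in the thread names a PositiveCertification, which in OpenPGP is signature type 0x13 over a key and user ID, separate from the signature over InRelease. As an added example (not part of the thread and not apt's or sqv's code), this script scans the text printed by `gpg --export KEYID | gpg --list-packets` for binding signatures made with a weak digest. The sample input, key ID and user ID are constructed, and the GnuPG 2.x text layout is an assumption.

```python
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4).
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
          9: "SHA384", 10: "SHA512", 11: "SHA224"}
# Flagged here; the thread's sqv message only names SHA1 (MD5 added as assumption).
WEAK = {"MD5", "SHA1"}
# Signature types that bind a user ID or subkey to the primary key.
BINDINGS = {0x10: "GenericCertification", 0x11: "PersonaCertification",
            0x12: "CasualCertification", 0x13: "PositiveCertification",
            0x18: "SubkeyBinding", 0x1F: "DirectKey"}

# Assumed layout: GnuPG 2.x `--list-packets` text, which is not a stable API.
SIG_RE = re.compile(
    r":signature packet: algo \d+, keyid (?P<keyid>[0-9A-Fa-f]+)\s+"
    r"version \d+, created \d+, md5len \d+, sigclass 0x(?P<cls>[0-9a-f]{2})\s+"
    r"digest algo (?P<digest>\d+)")

def weak_bindings(list_packets_text):
    """Return (keyid, signature type, hash) for weak-hash binding signatures."""
    findings = []
    for m in SIG_RE.finditer(list_packets_text):
        sig_type = BINDINGS.get(int(m["cls"], 16))
        digest = HASHES.get(int(m["digest"]), "algo " + m["digest"])
        if sig_type and digest in WEAK:
            findings.append((m["keyid"], sig_type, digest))
    return findings

# Constructed sample: a user ID certified with SHA1, a subkey bound with SHA512.
SAMPLE = """\
:public key packet:
\tversion 4, algo 1, created 1400000000, expires 0
:user ID packet: "Local Repo Signing Key <repo@example.com>"
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1400000000, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest 4f 1c
\thashed subpkt 27 len 1 (key flags: 03)
:public sub key packet:
\tversion 4, algo 1, created 1400000000, expires 0
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1400000000, md5len 0, sigclass 0x18
\tdigest algo 10, begin of digest a0 3e
"""

if __name__ == "__main__":
    for keyid, sig_type, digest in weak_bindings(SAMPLE):
        print(f"{keyid}: {sig_type} uses {digest}")
```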
