On Thu, Aug 17, 2017 at 4:23 AM, R0b0t1 <r03...@gmail.com> wrote:
> After downloading and verifying the releases on
> ftp://ftp.gnu.org/gnu/, I found that the maintainers used 1024 bit DSA
> keys with SHA1 content digests. 1024 bit keys are considered to be
> susceptible to realistic attacks, and SHA1 has been considered broken
> for some time.
>
> http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf,
> p17
> https://shattered.io/
>
> SHA1 is weak enough that a team of researchers was able to mount a
> realistic attack at no great cost.

It looks like gpg2 uses SHA1 as digest algorithm by default. I use
a 2048bit RSA for signing, that should be ok, no?

I suggest to report the issue to gnupg upstream (I'm using 2.0.24 with
libgcrypt version 1.6.1). It looks like the OpenPGP standard mandates
SHA1 here and using --digest-algo is strongly advised against for
interoperability reasons.

Richard.

> As compilers and their utilities are a high value target I would
> appreciate it if the maintainers move to more secure verification
> schemes.
>
> Respectfully,
> R0b0t1.
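
An added example, not part of the original thread or of GnuPG: a small Python reader that reports which public-key and digest algorithm a binary (dearmored) OpenPGP signature packet declares, using the RFC 4880 packet layout and algorithm IDs. The function names, the weak-hash policy set and the sample bytes are constructed for illustration; key size is not recorded in a signature packet and has to be checked on the public key.

```python
# Added example: read algorithm IDs from a binary OpenPGP signature packet (RFC 4880).
PUBKEY_ALGOS = {1: "RSA", 17: "DSA", 19: "ECDSA", 22: "EdDSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {"MD5", "SHA1"}  # assumption: this example's own policy


def body_offset(data: bytes):
    """Return (packet tag, offset of the packet body) for the first packet."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet (dearmor the .sig first)")
    if data[0] & 0x40:  # new-format header: size depends on first length octet
        first = data[1]
        if 224 <= first < 255:
            raise ValueError("partial body lengths are not handled here")
        return data[0] & 0x3F, 2 if first < 192 else 3 if first < 224 else 6
    length_type = data[0] & 0x03  # old format: 1, 2 or 4 length octets, or none
    return (data[0] >> 2) & 0x0F, 1 + (1, 2, 4, 0)[length_type]


def signature_algorithms(data: bytes) -> dict:
    """Report version, public-key algorithm and digest of a signature packet."""
    tag, off = body_offset(data)
    if tag != 2:
        raise ValueError(f"first packet has tag {tag}, expected 2 (signature)")
    body = data[off:]
    if body[:1] == b"\x04" and len(body) >= 4:
        # v4: version, signature type, public-key algorithm, hash algorithm
        pk, digest = body[2], body[3]
    elif body[:1] == b"\x03" and len(body) >= 17:
        # v3: version, hashed length, type, time (4), key ID (8), pk, hash
        pk, digest = body[15], body[16]
    else:
        raise ValueError("unsupported or truncated signature packet")
    name = HASH_ALGOS.get(digest, f"unknown({digest})")
    return {"version": body[0], "pubkey": PUBKEY_ALGOS.get(pk, f"unknown({pk})"),
            "hash": name, "weak_hash": name in WEAK_HASHES}


# Constructed sample headers (not taken from any real release signature).
SAMPLE_DSA_SHA1 = bytes([0x88, 0x06, 0x04, 0x00, 0x11, 0x02, 0x00, 0x00])
SAMPLE_RSA_SHA256 = bytes([0xC2, 0x06, 0x04, 0x00, 0x01, 0x08, 0x00, 0x00])

if __name__ == "__main__":
    for sample in (SAMPLE_DSA_SHA1, SAMPLE_RSA_SHA256):
        print(signature_algorithms(sample))
```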