From: Richard Biener
Date: Thu, 17 Aug 2017 08:39:00 -0000
Subject: Re: Release Signing Keys are Susceptible to Attack
To: R0b0t1
Cc: Binutils, GCC Development, gdb@sourceware.org
Mailing-List: contact gdb-help@sourceware.org; run by ezmlm

On Thu, Aug 17, 2017 at 4:23 AM, R0b0t1 wrote:
> After downloading and verifying the releases on
> ftp://ftp.gnu.org/gnu/, I found that the maintainers used 1024-bit DSA
> keys with SHA1 content digests. 1024-bit keys are considered to be
> susceptible to realistic attacks, and SHA1 has been considered broken
> for some time.
>
> http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf, p17
> https://shattered.io/
>
> SHA1 is weak enough that a team of researchers was able to mount a
> realistic attack at no great cost.

It looks like gpg2 uses SHA1 as digest algorithm by default. I use a 2048-bit RSA for signing, that should be ok, no?

I suggest reporting the issue to gnupg upstream (I'm using 2.0.24 with libgcrypt version 1.6.1). It looks like the OpenPGP standard mandates SHA1 here and using --digest-algo is strongly advised against for interoperability reasons.

Richard.

> As compilers and their utilities are a high value target I would
> appreciate it if the maintainers move to more secure verification
> schemes.
>
> Respectfully,
> R0b0t1.
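An added example, not part of this thread: a small audit that reads the text `gpg --list-packets release.sig` prints and reports the public-key and digest algorithms each signature actually used, flagging SHA1 digests and the key sizes the thread discusses. The embedded listing is constructed to resemble that output (key IDs are placeholders), and the `data: [N bits]` heuristics for key size are an assumption based on RSA signatures being smaller than the modulus and DSA values being reduced mod q.

```python
import re

# Algorithm IDs from RFC 4880 (sections 9.1 and 9.4); only common ones are listed.
PUBKEY_ALGOS = {1: "RSA", 3: "RSA (sign-only)", 17: "DSA", 19: "ECDSA", 22: "EdDSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {1, 2, 3}  # MD5, SHA1, RIPEMD160 are not acceptable for new signatures

# Constructed sample shaped like `gpg --list-packets` output (placeholder key IDs):
# a DSA/SHA1 signature with 160-bit r/s, followed by an RSA-2048/SHA256 signature.
SAMPLE_LISTING = """\
:signature packet: algo 17, keyid 0123456789ABCDEF
\tversion 4, created 1502959172, md5len 0, sigclass 0x00
\tdigest algo 2, begin of digest 5a 4c
\tdata: [160 bits]
\tdata: [158 bits]
:signature packet: algo 1, keyid FEDCBA9876543210
\tversion 4, created 1502959172, md5len 0, sigclass 0x00
\tdigest algo 8, begin of digest 7f 01
\tdata: [2047 bits]
"""

def parse_signature_packets(listing):
    """Collect public-key algo, digest algo and MPI bit sizes of each signature packet."""
    sigs, cur = [], None
    for line in listing.splitlines():
        if line.startswith(":"):  # any packet header closes the current signature block
            m = re.match(r":signature packet: algo (\d+)", line)
            cur = {"pubkey_algo": int(m.group(1)), "digest_algo": None, "mpi_bits": []} if m else None
            if cur:
                sigs.append(cur)
        elif cur is not None:
            if m := re.search(r"digest algo (\d+)", line):
                cur["digest_algo"] = int(m.group(1))
            if m := re.search(r"data: \[(\d+) bits\]", line):
                cur["mpi_bits"].append(int(m.group(1)))
    return sigs

def assess(sig, min_rsa_bits=2048):
    """Return findings for one parsed signature; an empty list means nothing weak was seen."""
    findings = []
    if sig["digest_algo"] in WEAK_HASHES:
        findings.append("weak digest " + HASH_ALGOS[sig["digest_algo"]])
    bits = max(sig["mpi_bits"], default=0)
    # RSA: s < n, so the bit length of s is within a few bits of the modulus size.
    if sig["pubkey_algo"] in (1, 3) and 0 < bits < min_rsa_bits - 8:
        findings.append(f"RSA signature of ~{bits} bits implies a key below {min_rsa_bits} bits")
    # DSA: r and s are reduced mod q, and FIPS 186 pairs a 160-bit q only with a 1024-bit p.
    if sig["pubkey_algo"] == 17 and 0 < bits <= 160:
        findings.append("DSA with 160-bit q implies 1024-bit DSA parameters")
    return findings
```

Run it over real output with `gpg --list-packets file.sig | python3 audit.py` style piping, or pass the text to `parse_signature_packets` and `assess` as shown.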