[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GPG: Deprecated hash + local "game over" exploit

Subject: GPG: Deprecated hash + local "game over" exploit
From: guninski at guninski.com (Georgi Guninski)
Date: Sun, 2 Jul 2017 10:13:04 +0300
In-reply-to: <[email protected]>
References: <[email protected]>

On Sat, Jul 01, 2017 at 04:17:29PM -0400, Steve Kinney wrote:
> A couple of days ago Shawn pointed out offlist that my GPG installation
> was using SHA1 when signing messages.  Although seven hash functions are
> included in GnuPG 1.4.16, SHA1 is still the default.
>
It was funny when someone (likely you) signed inline with SHA1 email
about SHA1 collisions and the choice of hash was obvious :)

Follow-Ups:
- GPG: Deprecated hash + local "game over" exploit
  - From: admin at pilobilus.net (Steve Kinney)

References:
- GPG: Deprecated hash + local "game over" exploit
  - From: admin at pilobilus.net (Steve Kinney)

Prev by Date: Satoshi's Trump Card
Next by Date: [[email protected]: [antlr-discussion] Recent presentation on using ANTLR in cybersecurity]
Previous by thread: GPG: Deprecated hash + local "game over" exploit
Next by thread: GPG: Deprecated hash + local "game over" exploit
Index(es):
- Date
- Thread