[messaging] Keybase Proofs
Maxwell Krohn
themax at gmail.com
Wed Nov 19 06:19:34 PST 2014
> On Nov 19, 2014, at 1:47 AM, Tim Bray <tbray at textuality.com> wrote:
>
> Are there any threads other than the one starting at http://www.metzdowd.com/pipermail/cryptography/2014-September/022754.html ?
>
> The conclusion there, via David Leon Gil, is instructive: http://www.metzdowd.com/pipermail/cryptography/2014-September/022758.html
>
Exactly, we put more checks into our PGP implementation as a result of this discussion:
https://github.com/keybase/kbpgp/commit/ef9f264c5d4bd6e908d8da26c84863dffa19a662
Presumably PGP (which our CLI shells out to), had some of those checks all along (taking David’s word on this
though I can’t find them looking through the source code).
In that previous discussion, we weren’t assuming the worst of SHA-1, but such an assumption
seems reasonable going forward. The OpenPGP folks should assume the same, and transition to
a SHA-2 (or -3) based key fingerprint. In addition to the issues I mentioned previously, if SHA-1 is broken,
I’m sure we’ll find many implementation flaws in GnuPG, which uses SHA-1 key fingerprints internally to check for
key equality.
I disagree with Tony, I don’t see a compelling argument here that the Keybase design is “conceptually flawed,”
especially if including SHA-2 or SHA-3 key fingerprints in our proofs can defeat the proposed attack.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141119/d102066b/attachment.sig>
More information about the Messaging
mailing list