[messaging] Keybase Proofs
tbray at textuality.com
Wed Nov 19 08:15:52 PST 2014
This actually raises an interesting larger point. My implementation of
Keybase proof verification is based on BouncyCastle (and I was pleased by
the zero interop friction, since I bet basically none of the keys or proofs
were constructed with that software).
I’m not a cryptographer, I just looked at the API and followed the
instructions. I think that’s what the community of experts would like
non-expert implementors to do. I have to confess I have no idea whether
or not BouncyCastle is doing what David Leon Gil calls “checking any of the
RSA cryptosystem's validity conditions”. Should non-expert implementors
like me worry?
On Wed, Nov 19, 2014 at 6:19 AM, Maxwell Krohn <themax at gmail.com> wrote:
> > On Nov 19, 2014, at 1:47 AM, Tim Bray <tbray at textuality.com> wrote:
> > Are there any threads other than the one starting at
> > The conclusion there, via David Leon Gil, is instructive:
> Exactly, we put more checks into our PGP implementation as a result of
> this discussion:
> Presumably PGP (which our CLI shells out to), had some of those checks all
> along (taking David’s word on this
> though I can’t find them looking through the source code).
> In that previous discussion, we weren’t assuming the worst of SHA-1, but
> such an assumption
> seems reasonable going forward. The OpenPGP folks should assume the same,
> and transition to
> a SHA-2 (or -3) based key fingerprint. In addition to the issues I
> mentioned previously, if SHA-1 is broken,
> I’m sure we’ll find many implementation flaws in GnuPG, which uses SHA-1
> key fingerprints internally to check for
> key equality.
> I disagree with Tony, I don’t see a compelling argument here that the
> Keybase design is “conceptually flawed,”
> especially if including SHA-2 or SHA-3 key fingerprints in our proofs can
> defeat the proposed attack.
- Tim Bray (If you’d like to send me a private message, see
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging