[messaging] Keybase Proofs

Maxwell Krohn themax at gmail.com
Wed Nov 19 06:19:34 PST 2014

> On Nov 19, 2014, at 1:47 AM, Tim Bray <tbray at textuality.com> wrote:
> Are there any threads other than the one starting at http://www.metzdowd.com/pipermail/cryptography/2014-September/022754.html ?
> The conclusion there, via David Leon Gil, is instructive: http://www.metzdowd.com/pipermail/cryptography/2014-September/022758.html

Exactly, we put more checks into our PGP implementation as a result of this discussion:

Presumably PGP (which our CLI shells out to), had some of those checks all along (taking David’s word on this
though I can’t find them looking through the source code).

In that previous discussion, we weren’t assuming the worst of SHA-1, but such an assumption
seems reasonable going forward.  The OpenPGP folks should assume the same, and transition to
a SHA-2 (or -3) based key fingerprint. In addition to the issues I mentioned previously, if SHA-1 is broken,
I’m sure we’ll find many implementation flaws in GnuPG, which uses SHA-1 key fingerprints internally to check for
key equality.

I disagree with Tony, I don’t see a compelling argument here that the Keybase design is “conceptually flawed,”
especially if including SHA-2 or SHA-3 key fingerprints in our proofs can defeat the proposed attack.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141119/d102066b/attachment.sig>

More information about the Messaging mailing list