[Enigmail] Solved: PGP indicates enigmail signed messages are invalid

Faramir faramir.cl at gmail.com
Mon Apr 13 08:25:42 PDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Moonchild escribió:
...
> Actually, I only ran into it because the first thing I did was send
> myself a signed message from TB with enigmail to test, and it failed
> checking the signature. I haven't run into any issues with anyone else
> so far, like I said.

  That's good, I hope you won't have more problems...


> As for problems with hashes having collisions etc. - Theoretically, it
> is an issue. In practice, ANY hash will find situations where the same
> hash is found for different sources, the question then becomes: is it a
> practical issue to assume this minutely small chance will pose a problem
> with normal use? Is there really a danger of someone, in a reasonable
> amount of computing time, being able to recreate a valid has from an
> altered message? I think it's unneeded.

  Well, some time ago, it was something that was not possible to do even
in an unreasonable amount of computing time, now it is possible (with
MD5) with an unreasonable amount of computing time... and in future, we
don't know. In my short experience, I think people using cryptography is
uncomfortable with uncertainty.


> As it is, I'll verify RFC4880 compliance with my peers before migrating
> to it by removing the --pgp6 switch again.

  Good, that is the idea, you don't need to migrate today, but you
should "push" your peers to migrate to something more standard. Not just
 for security, but also to don't have to worry about having to force
compatibilities.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJJ41l1AAoJEMV4f6PvczxAPpQIAJG+hza/Q1P3naOLefE4wpD8
B13Ca0iYmvA0DKM+4sYsWGWZVDNGC9iA06P5G/4lGD7UwSaTZDeU/nGDNDe7XUyE
PfShU8LA1Uk6gqt/iJsZ1q39Z/XTTzrqiXk1Q4pM4lQfcrAr92ANZC5MC9eYiiG6
wKgAw0mKB4uthPtyDTmAYVHSsz33V0zKLdDsYINPKSa2zBuUNmtAYYzb7tJVir5w
9nVoVwSKKnU7QU5cPE4SXjd2Ol/d5LhlpPVa2aKYj6WQxVchhrwzM3zgEiahhsFV
yZp1oVtTv0PnGBUNvaSwiF2BBGf8jjwZPzcd5LZ8zQCYqbFwPs+sGfS5opEtptM=
=/yeU
-----END PGP SIGNATURE-----

More information about the Enigmail mailing list