SHA1 (SHA-1) is broken - How to configure GnuPG and Mozilla Thunderbird / Enigmail
Post date: Feb 24, 2017 3:40:56 PM
Generic background information for this post and SHA-1 being broken can be found from this site: Shattered.io
Simply put: Well, they've done it. SHA1 collision generated on purpose.
SHA1 has been on way out for a decade. But now it's finally time to retire it on cases where security matters. It still can be used as hash algorithm, as long as you just remember it isn't secure one. I'm using often some extremely simple algorithms like adler32 or crc32 to generate 'hashes'. Point is just to generate short version of data, which is highly likely to produce another outcome if data is being changed.
As happened with MD5, it's probable that massive increase in attack strength expected in near future. So if it's now considered to be broken, soon it will be much more broken.
GnuPG configuration
In gpg.conf set following settings:
personal-digest-preferences SHA256 SHA512digest-algo SHA256
Enigmail for Mozilla Thunderbird configuration
In Thunderbird settings, just set:
extensions.enigmail.mimeHashAlgorithm = 3It stands for SHA256. Note that the = is just indicating key and value separation. The equal sign shouldn't be used.
Other issues and tests
Even if digest-algo and personal-preferences are set, and the recipient doesn't set any hash preference. Enigmail still signs with SHA1. I don't know why.
These tests were made from command-line / shell.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Test-----BEGIN PGP SIGNATURE-----Version: GnuPG v1 iEYEARECAAYFAlivncgACgkQrgJ3hCdO9iaVUgCdFGkBNiUHQ69fmlt6ai6j+9AblkgAmQHC7uPnWeTVlhMlDzjvjpXym1x6=YKBM-----END PGP SIGNATURE-----
Only when digest-algo SHA256 option is enabled then output will be using
SHA256.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256 Test-----BEGIN PGP SIGNATURE-----Version: GnuPG v2 iEYEAREIAAYFAlivnhUACgkQrgJ3hCdO9ib07QCfUip2uFfgPWzn9ndGImaqqcUFfoYAnj0V3k2A5G7yE1BS1wFJFseztpfI=G7X1-----END PGP SIGNATURE-----
As you can notice I've tested everything using GnuPG v1 and GnuPG v2.
Now the command line --clearsign produces right output. Yet interestingly that won't affect Enigmail.
Also my own default key sets SHA256 as preference. But that won't clearly affect signing by default with that key. Which would have been nice?
Just to make sure that the recipient preferences do not affect the outcome. I've disabled the digest-algo option and tried using -r when clear signing.
GnuPG just warns that -r without -e doesn't encrypt the message. But still the digest-algo preferences set by -r user's preferences won't affect the digest algorithm. Hmph.
So, just go and add digest-algo SHA256 in your gpg.conf if it isn't there already.
But how do I specify the hash algorithm for Enigmail?
Quote from Enigmail Wiki documentation:
"Enigmail relies by default on GnuPG for selecting the hash (digest) algorithm. From GnuPG, the hash algorithm can be specified in the file gpg.conf using the parameter digest-algo hash_algorithm."
Yet for some interesting reason, the digest-algo setting didn't actually affect Enigmail.
Other values for mimeHashAlgorithm with Enigmail:
0: Automatic selection, let GnuPG choose (default, recommended)
1: SHA1
2: RIPEMD160
3: SHA256
4: SHA384
5: SHA512
After changing the settings, I sent email to myself and verified that the setting actually affects the mesages being sent out:
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="N/A"
If settings aren't correct it'll say:
Content-Type: multipart/signed; micalg=pgp-sha1; And when using S/MIME:
Content-Type: multipart/signed; boundary="N/A"; protocol="application/pkcs7-signature"; micalg=sha1
Other remarks:
Almost all messages discussing SHA1 being broken, were hashed with SHA1 and then the hash was signed with public key cryptography. That was pretty funny.
kw: Mozilla Thunderbird Enigmail, GnuPG, PGP, GPG, SHA1, SHA256, SMIME, S/MIME, hash, digest, signature, signatures, configuration, settings, set, configure, algorithm, preference, preferred, preference, security, privacy, email encryption, signing, data, email, configuring enigmail to use sha256, configuring GnuPG to use SHA256.