Blog‎ > ‎

SHA1 (SHA-1) is broken - How to configure GnuPG and Mozilla Thunderbird / Enigmail

posted Feb 24, 2017, 7:40 AM by Sami Lehtinen   [ updated Feb 24, 2017, 7:48 AM ]
Generic background information for this post  and SHA-1 being broken can be found from this site:
Simply put: Well, they've done it. SHA1 collision generated on purpose.
SHA1 has been on way out for a decade. But now it's finally time to retire it on cases where security matters. It still can be used as hash algorithm, as long as you just remember it isn't secure one. I'm using often some extremely simple algorithms like adler32 or crc32 to generate 'hashes'. Point is just to generate short version of data, which is highly likely to produce another outcome if data is being changed.
As happened with MD5, it's probable that massive increase in attack strength expected in near future. So if it's now considered to be broken, soon it will be much more broken.

GnuPG configuration

In gpg.conf set following settings:
personal-digest-preferences SHA256 SHA512
digest-algo SHA256

Enigmail for Mozilla Thunderbird configuration

In Thunderbird settings, just set:
extensions.enigmail.mimeHashAlgorithm = 3

It stands for SHA256.  Note that the = is just indicating key and value separation. The equal sign shouldn't be used.

Other issues and tests

Even if digest-algo and personal-preferences are set, and the recipient doesn't set any hash preference. Enigmail still signs with SHA1. I don't know why.
These tests were made from command-line / shell.
Hash: SHA1
Version: GnuPG v1
Only when digest-algo SHA256 option is enabled then output will be using
Hash: SHA256
Version: GnuPG v2
As you can notice I've tested everything using GnuPG v1 and GnuPG v2.
Now the command line --clearsign produces right output. Yet interestingly that won't affect Enigmail.
Also my own default key sets SHA256 as preference. But that won't clearly affect signing by default with that key. Which would have been nice?
Just to make sure that the recipient preferences do not affect the outcome. I've disabled the digest-algo option and tried using -r when clear signing.
GnuPG just warns that -r without -e doesn't encrypt the message. But still the digest-algo preferences set by -r user's preferences won't affect the digest algorithm. Hmph.
So, just go and add digest-algo SHA256 in your gpg.conf if it isn't there already.
But how do I specify the hash algorithm for Enigmail?
Quote from Enigmail Wiki documentation:
"Enigmail relies by default on GnuPG for selecting the hash (digest) algorithm. From GnuPG, the hash algorithm can be specified in the file gpg.conf using the parameter digest-algo hash_algorithm."
Yet for some interesting reason, the digest-algo setting didn't actually affect Enigmail. 
Other values for mimeHashAlgorithm with Enigmail:
0: Automatic selection, let GnuPG choose (default, recommended)
1: SHA1
2: RIPEMD160
3: SHA256
4: SHA384
5: SHA512
After changing the settings, I sent email to myself and verified that the setting actually affects the mesages being sent out:
Content-Type: multipart/signed; micalg=pgp-sha256;
If settings aren't correct it'll say:

Content-Type: multipart/signed; micalg=pgp-sha1;

And when using S/MIME:

Content-Type: multipart/signed;
    protocol="application/pkcs7-signature"; micalg=sha1

Other remarks:

Almost all messages discussing SHA1 being broken, were hashed with SHA1 and then the hash was signed with public key cryptography. That was pretty funny.

kw: Mozilla Thunderbird Enigmail, GnuPG, PGP, GPG, SHA1, SHA256, SMIME, S/MIME, hash, digest, signature, signatures, configuration, settings, set, configure, algorithm, preference, preferred, preference, security, privacy, email encryption, signing, data, email, configuring enigmail to use sha256, configuring GnuPG to use SHA256.