
Hashing Algorithm: Is your GPG configuration secure?

If your email messages are being signed using SHA-1, you may not be getting the security you think you are.  Attacks on that hashing algorithm have caused much pain for those who rely on it.  Luckily SHA-2 is available, and hopefully we’ll start seeing SHA-3 out in the world soon.

You’ve probably already seen SHA-2 in the wild designated as SHA-224, SHA-256, SHA-384, and SHA-512.  Because of the weaknesses found in SHA-1, it’s important not to use that algorithm any longer.  That means when you generate hashes you shouldn’t use sha1sum but rather one of the SHA-2 tools: sha224sum, sha256sum, sha384sum, or sha512sum.  Depending on how long you need to protect the data, the strength of the hash will matter.  A longer hash will stay secure for a longer period of time than a shorter one.

GNU Privacy Guard (GPG) defaults to SHA-1 unless you manually select another algorithm in your gpg.conf file (usually found in ~/.gnupg).  To use something other than the default, add the following lines:

personal-cipher-preferences AES256 TWOFISH AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256
personal-compress-preferences ZLIB BZIP2 ZIP

These lines set not only which algorithms are preferred (for cipher, digest (hashing), and compression) but also the order in which they are tried.  You can find out which algorithms are available to you by asking GPG on the command line:

$ gpg --version
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

GPG shows exactly what it supports, based on what was compiled in when the package was built.

Using the proper algorithm is important for maintaining a secure communications environment, so do your research and use something you feel comfortable with.

  1. Michael
    2013-02-21 at 18:10 EDT

    If the default is insecure, why not change it upstream ?

    • 2013-02-22 at 22:24 EDT

      Well, I’m not upstream but I could suggest it. I’m sure there are some legacy applications that require the older algorithms. Backwards compatibility is a concern there. If you default to the latest and greatest then you could break functionality when working with unknown, distant-end systems.

  2. Self signatures count too
    2013-10-16 at 17:40 EDT

    This is necessary but not sufficient to ensure you aren’t using SHA1 to self-sign your public key, since SHA1 is the default self-signature hash as well.

    You also need to generate keys via:
    gpg2 --gen-key --cert-digest-algo SHA512
    gpg2 --gen-key --cert-digest-algo SHA256

    This can be checked by running “gpg -vv --import” and looking at “digest algo X” and using “gpg -v --version” to see which hash (digest) it is, i.e. 8 = H8 = SHA256 for GPG.
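An added example (not code from the original post or its comments) that automates the two checks discussed above: whether personal-digest-preferences in a gpg.conf puts SHA-2 first and excludes SHA1/MD5, and whether the “digest algo N” lines printed by gpg --list-packets (or gpg -vv --import) show a signature made with SHA1 or MD5. The id-to-name table is the OpenPGP hash algorithm id assignment (RFC 4880 section 9.4); the gpg.conf and packet dump it runs on are constructed sample inputs.

```shell
#!/bin/sh
# Added example, not code from the original post: audit the digest settings
# the post discusses. Ids follow the OpenPGP hash algorithm ids (RFC 4880
# section 9.4), which is what gpg prints after "digest algo".
# Map an OpenPGP hash algorithm id to its name.
digest_name() {
  case "$1" in
    1) echo MD5 ;;     2) echo SHA1 ;;    3) echo RIPEMD160 ;; 8) echo SHA256 ;;
    9) echo SHA384 ;;  10) echo SHA512 ;; 11) echo SHA224 ;;   *) echo "UNKNOWN($1)" ;;
  esac
}
# Return 0 when personal-digest-preferences is set, its first entry is a SHA-2
# algorithm and neither MD5 nor SHA1 appears anywhere in the list; else 1.
audit_digest_prefs() {
  # First matching option wins (gpg behaviour); keep only the algorithm list.
  set -- $(awk '$1 == "personal-digest-preferences" { $1 = ""; print; exit }' "$1")
  [ $# -gt 0 ] || { echo "no personal-digest-preferences: GPG default applies"; return 1; }
  case "$1" in
    SHA224|SHA256|SHA384|SHA512) ;;
    *) echo "first digest preference is not SHA-2: $1"; return 1 ;;
  esac
  for d in "$@"; do
    case "$d" in MD5|SHA1) echo "weak digest listed: $d"; return 1 ;; esac
  done
  echo "digest preferences ok: $*"
}
# Return 0 when no signature packet in a packet dump uses MD5 or SHA1; else 1.
# The dump is fed through a here-document so rc survives the read loop.
audit_packet_digests() {
  rc=0
  while read -r id; do
    [ -n "$id" ] || continue
    name=$(digest_name "$id")
    case "$name" in
      MD5|SHA1) echo "signature uses weak digest $name (algo $id)"; rc=1 ;;
      *)        echo "signature uses $name (algo $id)" ;;
    esac
  done <<EOF
$(sed -n 's/.*digest algo \([0-9][0-9]*\).*/\1/p' "$1")
EOF
  return $rc
}
# Demo on constructed inputs (sample values, not real keys or files).
conf=$(mktemp); dump=$(mktemp)
printf 'personal-digest-preferences SHA512 SHA384 SHA256\n' > "$conf"
printf ':signature packet: algo 1, keyid 0000000000000000\n\tdigest algo 2, begin of digest 9d 2a\n' > "$dump"
audit_digest_prefs "$conf"
audit_packet_digests "$dump" || echo "self-signature made with SHA1; regenerate with --cert-digest-algo SHA256 or stronger"
rm -f "$conf" "$dump"
```

Point audit_digest_prefs at ~/.gnupg/gpg.conf and audit_packet_digests at the output of gpg --list-packets on an exported public key to run the same checks on a real setup.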

  3. s0me0ne
    2014-06-22 at 09:02 EDT

    Why do you prefer TWOFISH and not BLOWFISH?

    • 2014-06-22 at 13:50 EDT

      I actually prefer AES over both TWOFISH and BLOWFISH. I didn’t have (or want to do complete) the research on BLOWFISH which is why I didn’t list it. Honestly I should probably go back and refresh this and simplify the settings.

      • Hugo
        2015-05-08 at 22:32 EDT

        TWOFISH is the successor of BLOWFISH.

        Great post btw! I’d just like to point out the fact that (as stated in your wikipedia link), there is no plan to replace SHA-2 by SHA-3 at the moment. SHA-3 is mainly an insurance in case SHA-2 is ever broken (so that we have something ready and we don’t need to wait years of research with an insecure algorithm) but that probably won’t happen in the near future… You can read this answer from security.SE as well as the wikipedia article: http://security.stackexchange.com/a/21116

        PS: I know this post is quite old but I stumbled upon it on google so others might as well…

    • 2015-04-29 at 00:01 EDT

      Blowfish is old and shouldn’t be used for files over 4GB, Twofish is its successor. Bruce Schneier created both of them and recommends using Twofish over Blowfish.
