[MlMt] Note that the SHA1 hash algorithm has been found to have weaknesses
Bill Cole
mmlist-20120120 at billmail.scconsult.com
Sun Aug 24 17:27:32 EDT 2025
On 2025-08-24 at 11:19:29 UTC-0400 (Sun, 24 Aug 2025 16:19:29 +0100)
mat via mailmate <mailmate at lists.freron.com>
is rumored to have said:
> Hello,
>
> Since I had to set up my Mac anew I get this warning when I send signed
> or encrypted mail.
> I have to click it away, else I can’t send.
> My keys are all RSA and at 2048 in size.
> Mailmate is: Version 2.0 (6272)
>
> Any idea what might go wrong here?
Not precisely, as you didn't say whether you are using GPG or S/MIME.
The SHA* algorithms are "Secure Hashes" which are used to generate
random-looking fixed length "message authentication codes" or
"fingerprints" from arbitrary input data, which cannot be used to
regenerate the original data. Contrary to the name, those "fingerprints"
are NOT globally unique, but they are distinct enough for most uses
because generating hash collisions intentionally is very hard. For SHA1
(which generates 160-bit hashes) there are enough tricks discovered and
enough raw computing power widely available to make use of SHA1 unsafe
in some uses. Both S/MIME certificates and GPG keys can use SHA1, and it
was required for use on "v4" keys (see
https://www.rfc-editor.org/rfc/rfc4880#section-12.2) but has since been
deprecated. Similarly, the x509 certificates issued for S/MIME for many
years used SHA1 but today typically use SHA256 or SHA512.
The reason this is just a warning that you can click through is that the
"insecurity" of SHA1 is mostly theoretical for the email use case. SHA1
is used in establishment of trust for keys/certs rather than being used
in encryption, so the theoretical attacks are a bit past (IMNSHO) what
one needs to worry about unless one is a target of a very motivated and
well-resourced attacker.
I'm not sure if it is still needed, but back when the deprecation of
SHA1 was more recent, I found it helpful to add these lines to
~/.gnupg/gpg.conf:
    personal-digest-preferences SHA512 SHA384 SHA256 SHA224
    cert-digest-algo SHA512
    default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
I am no longer entirely sure why (or even whether) I needed all 3 lines,
but I have not had a SHA1 warning in years...
--
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo at toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
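Added example (not part of the thread above, and not GnuPG's own code): a small audit of the three gpg.conf options Bill lists. It parses gpg.conf-style text (one "option value" pair per line, lines whose first non-blank character is "#" ignored, which is how GnuPG reads its option file) and reports where SHA1 or MD5 still appears in the digest preferences, including the rank at which a weak hash would be chosen. The sample configurations are constructed for the example; RECOMMENDED_CONF reproduces the three lines from the post.

```python
"""Audit gpg.conf digest preferences for weak hash algorithms.

Added example: parses gpg.conf-style text and flags SHA1/MD5 in the
three options discussed in the thread. The WEAK_DIGESTS set and the
ranking rule are this example's own choices, not GnuPG behaviour.
"""

# Digests the example treats as weak (SHA1 per the thread; MD5 is older still).
WEAK_DIGESTS = {"SHA1", "MD5"}

# The options from the post, in the order they are checked.
DIGEST_OPTIONS = (
    "personal-digest-preferences",
    "cert-digest-algo",
    "default-preference-list",
)

# The three lines recommended in the post, verbatim.
RECOMMENDED_CONF = """\
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
"""


def parse_gpg_conf(text: str) -> dict[str, str]:
    """Return {option: value} from gpg.conf text.

    Blank lines and lines whose first non-blank character is '#' are
    skipped; the first whitespace-separated token is the option name and
    the rest of the line is its value (empty for flag-style options).
    A repeated option keeps its last value.
    """
    options: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return options


def audit_digests(options: dict[str, str]) -> list[tuple[str, str]]:
    """Return (option, finding) pairs for the digest-related options.

    A preference list is ordered, so for list-valued options the finding
    records the position at which the weak digest appears; position 1
    means it would be the first choice whenever the other side accepts it.
    """
    findings: list[tuple[str, str]] = []
    for opt in DIGEST_OPTIONS:
        value = options.get(opt)
        if value is None:
            findings.append((opt, "not set; GnuPG's built-in default applies"))
            continue
        algos = value.upper().split()
        weak = [a for a in algos if a in WEAK_DIGESTS]
        if not weak:
            continue
        if opt == "cert-digest-algo":
            findings.append((opt, f"{weak[0]} is used to sign key certifications"))
        else:
            rank = algos.index(weak[0]) + 1
            findings.append((opt, f"{weak[0]} listed at position {rank} of {len(algos)}"))
    return findings


def audit_text(text: str) -> list[tuple[str, str]]:
    """Convenience wrapper: parse and audit in one call."""
    return audit_digests(parse_gpg_conf(text))


if __name__ == "__main__":
    # Constructed example of a configuration that still prefers SHA1.
    weak_conf = """\
# constructed gpg.conf for the example
personal-digest-preferences SHA1 SHA256
cert-digest-algo SHA1
"""
    for conf_name, conf in (("weak", weak_conf), ("recommended", RECOMMENDED_CONF)):
        print(f"[{conf_name}]")
        for opt, finding in audit_text(conf) or [("-", "no findings")]:
            print(f"  {opt}: {finding}")
```

Run it against the real file with audit_text(open("~/.gnupg/gpg.conf").read()) after expanding the path; an empty result means none of the three options names a weak digest, while "not set" findings only tell you that GnuPG's own default ordering is in effect for that option.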