Comment by woodruffw
1 year ago
> they are not worse than having no traceability of the package at all between the author and PyPI.
Except that they are: PGP does not give you this kind of identity relationship. The most it can give you is an association to a key ID, which is (1) brute-forceable, and (2) not strongly bound to any actual user or machine identity.
The only thing worse than an unsecured scheme is an insecure scheme that lulls users into a false sense of security and authenticity. PGP signatures on PyPI are the latter.
> The most it can give you is an association to a key ID, which is (1) brute-forceable
This is false. That would mean brute forcing a 160 bit SHA-1 hash. That is not possible.
This is wrong on every conceivable level:
1. Key IDs are 32-bit truncations of the SHA-1 hash. That means 32 bits of state, not 160. Fake key IDs are observable in the wild[1].
2. You're confusing pre-image resistance with collision resistance. SHA-1 has been publicly vulnerable to practical collision attacks since 2017[2].
[1]: https://www.phoronix.com/news/Short-PGP-Collision-Attacks
[2]: https://shattered.io/
OK, you are talking about the 64 bit keyID. The 32 bit keyIDs are no longer used for the reason you state.
Shattered is about SHA-1 use in key signatures. It has nothing to do with keyIDs.
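For reference on the identifiers argued over in this thread, here is an added example (not part of any comment above) that derives the RFC 4880 v4 fingerprint and its 64-bit and 32-bit key ID truncations, and shows a pin check that accepts only the full 160-bit fingerprint. The key packet bodies are constructed sample bytes, not real keys, and the function names are illustrative assumptions.

```python
import hashlib
import hmac
import struct


def v4_fingerprint(packet_body: bytes) -> bytes:
    """RFC 4880 sec. 12.2: SHA-1 over 0x99, a 2-octet length, then the key packet body."""
    if len(packet_body) > 0xFFFF:
        raise ValueError("packet body too long for a 2-octet length")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(packet_body)) + packet_body).digest()


def long_key_id(fingerprint: bytes) -> bytes:
    """64-bit key ID: the low-order 8 octets of the fingerprint."""
    return fingerprint[-8:]


def short_key_id(fingerprint: bytes) -> bytes:
    """32-bit short key ID: the low-order 4 octets of the fingerprint."""
    return fingerprint[-4:]


def matches_pin(packet_body: bytes, pinned_hex: str) -> bool:
    """Accept a key only against a full 160-bit fingerprint pin, never a key ID."""
    pinned = bytes.fromhex(pinned_hex.replace(" ", ""))
    if len(pinned) != 20:
        raise ValueError("pin must be the full 40-hex-digit fingerprint, got %d bits" % (len(pinned) * 8))
    return hmac.compare_digest(v4_fingerprint(packet_body), pinned)


def make_sample_body(modulus: bytes) -> bytes:
    """Constructed v4 RSA public-key packet body (sample bytes, not a real key)."""
    def mpi(value: bytes) -> bytes:
        # An MPI is a 2-octet bit count followed by the big-endian value.
        return struct.pack(">H", int.from_bytes(value, "big").bit_length()) + value
    created = struct.pack(">I", 1700000000)  # constructed creation timestamp
    return b"\x04" + created + b"\x01" + mpi(modulus) + mpi(b"\x01\x00\x01")


SAMPLE_BODY = make_sample_body(b"\xc3" + b"\x5a" * 127)  # constructed 1024-bit value
OTHER_BODY = make_sample_body(b"\xc3" + b"\xa5" * 127)   # a second constructed value

if __name__ == "__main__":
    fpr = v4_fingerprint(SAMPLE_BODY)
    print("fingerprint :", fpr.hex().upper())
    print("long key ID :", long_key_id(fpr).hex().upper())
    print("short key ID:", short_key_id(fpr).hex().upper())
    print("full pin ok :", matches_pin(SAMPLE_BODY, fpr.hex()))
```
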