gpg --weak-digest SHA1 incurs a serious performance cost for `--check-trustdb`
Open, NormalPublic

Description

I have weak-digest SHA1 in gpg.conf, but it seems to have a significant performance cost. With --weak-digest SHA1, i see:

0 dkg@alice:~/.gnupg$ time gpg --check-trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: Note: signatures using the SHA1 algorithm are rejected
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: depth: 0  valid:   4  signed:  17  trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: depth: 1  valid:  17  signed: 116  trust: 17-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2020-02-01

real	4m36.953s
user	1m45.679s
sys	2m50.833s
0 dkg@alice:~/.gnupg$

without this entry, i see:

0 dkg@alice:~/.gnupg$ time gpg --check-trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: depth: 0  valid:   4  signed:   3  trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: depth: 1  valid:   3  signed: 120  trust: 3-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2020-01-30

real	0m53.880s
user	0m32.498s
sys	0m21.142s
0 dkg@alice:~/.gnupg$

(this is the same keyring, a keyring with 2306 keys, but *no* 1024-bit DSA keys at all)

I would have expected a speedup, not a slowdown, for having SHA-1 disabled. rejection of a signature because it uses the wrong digest algorithm ought to be cheaper than doing the math to calculate the signature.

Even if it wasn't cheaper, given the changes in 2.2.18 rejecting SHA-1 certifications, i would have expected the difference in performance to be minimal.

Details

Version
2.2.19
dkg created this task.Mon, Jan 27, 8:58 PM
werner triaged this task as Normal priority.Tue, Jan 28, 3:17 PM