Weaknesses in SHA-1
Alan S. Jones
asj at ipa.net
Wed Sep 22 04:59:28 CEST 2004
I would be curious if anyone knows what the commercial PGP app supports
also for a good comparison. I think it would be helpful not just for
rumored weaknesses, but for over all compatibility knowledge. Maybe an
ongoing table we could keep current.
I know t hat SHA-1 has been analyzed more then SHA256, SHA384, or SHA512
thus could actually be stronger. However why not let people create keys
with those algorithms also in 1.4?
On a side note I know that the 1.3.x series will become the new stable 1.4.
However I was wondering when we would see the first builds that actually
said 1.4 come along? I figure we will see a much more use of that build
series when it actually says 1.4.
Alan
>
>gpg --version
>
>In 1.2.x, GnuPG supports MD5, SHA1, and RIPEMD160. It also supports
>SHA256 read-only (you can verify existing signatures made with SHA256,
>but not make new ones). If you compile it with the right options, you
>can get SHA384 and SHA512 read-only. TIGER192 is allowed, but
>discouraged.
>
>In 1.4, GnuPG will suppports MD5, SHA1, RIPEMD160, and SHA256. It
>will support SHA384 and SHA512 read-only. TIGER192 is removed.
>
>David
--
Alan S. Jones
asj at ipa.net
http://users.ipa.net/~asj
More information about the Gnupg-devel
mailing list