SHA1 being used despite public key preferences
smu johnson
smujohnson at gmail.com
Thu Oct 21 00:38:28 CEST 2010
On Wed, Oct 20, 2010 at 1:57 PM, John Clizbe <John at mozilla-enigmail.org>wrote:
> Robert J. Hansen wrote:
> > On 10/20/2010 3:08 PM, smu johnson wrote:
>
> > In real-world systems you can't simply stop using an algorithm cold and
> > start using something new. The overwhelming majority of times you have
> > to establish a migration path to allow the system to continue operating
> > as new capabilities are added to it and old capabilities removed.
>
> Exactly Rob, there are still a lot of users out there whose PGP software
> cannot
> handle the SHA-2 hashes. We shouldn't just throw them overboard and sail
> on.
>
>
With the solution I mentioned and David Shaw mentioned, namely: "... I would
say that a better answer would be to make personal-digest-preferences not
default to anything at all.", this wouldn't be an issue at all. It would
look at the PGP user's prefs to pick one, if nothing was defaulted
out-of-the-box.
This also solves Roberts concern, where he said hypothetically "To heck with
that: I'm going to use SHA256, or whatever algorithm I like.". If you want
to use whatever you like, setting the "personal-digest-preferences" from
nothing to whatever you like solves this.
>
> One other little thing I got from our IETF friend Jeff: MD5 and SHA1 are
> both
> hard-wired into a BUNCH of silicon as well as required by a lot of
> protocols.
> THAT is the sort of change that will require decades.
>
I'm not sure how this is related. Maybe I'm interrupting a different
subject discussion? If not, all I'm suggesting is the default
out-of-the-box GnuPG install does not default to anything for personal
digest preferences. I'm not suggesting we remove any digests from GnuPG.
I'm not suggesting that public keyprefs override personal preferences.
Lastly, I'm not sure how the hardware issues are a concern for this
suggested GnuPG change.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20101020/990b06bc/attachment-0001.htm>
More information about the Gnupg-devel
mailing list