[PATCH] default-preference-list: prefer SHA512.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Nov 18 01:11:49 CET 2017
On Wed 2017-11-15 20:52:08 +0100, Werner Koch wrote:
> On Thu, 28 Sep 2017 14:32, dkg at fifthhorseman.net said:
>
>> Specifically, this changes --default-preference-list from:
>>
>> SHA256 SHA384 SHA512 SHA224
>>
>> to:
>>
>> SHA512 SHA384 SHA256 SHA224
>
> Given that these are only preferences I don't see a reason to object
> against swapping SHA256 with SHA512.

great! should i merge the patch then on master and STABLE-BRANCH-2-2,
or will you do it?

> In general I would like to get rid of SHA224 and SHA384 because I can't
> see any advantage in using them or _announcing_ that they are supported:
> Both are truncated versions of the other algos using a different IV.
> They are similar to AES192 which is also rarely used. Note that gpg
> will in any case _support_ all 4 algos.
>
> However, dropping them in 2.2 would not be good. Thus my suggestion for
> 2.2 would be:
>
> SHA512 SHA256 SHA384 SHA224
>
> and for 2.3:
>
> SHA512 SHA256

If you'd like to have a separate discussion about dropping SHA224 and
SHA384 for 2.3, i have no objections -- i've never seen those used in
the wild, so discouraging their use further doesn't seem like a problem
to me.

--dkg