why is SHA1 used? How do I get SHA256 to be used?

vedaal vedaal.nistar at gmail.com
Wed Jul 11 06:41:09 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
>The general point remains, though,
that if you believe SHA-1 is insecure
then you need to stop using OpenPGP.

Well, Yes, and No. ;-)
SHA1 is hardwired into the fingerprint of v4 keys.

An open pgp consensus on a v5 key will not happen overnight.

So when is it reasonable enough to suggest that SHA1
is broken enough to start working on a v5 key?

vedaal


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
Comment: Acts of Kindness better the World, and protect the Soul
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iQIcBAEBCAAGBQJP/QPlAAoJEFBvT6HTX7GGwUgQAI3eHOQ9eNxuuXM6yzdB9jm0
BoE8bGXu9TyVlRFqUEieVjzmHYisxlsipto5YLfxyYHNqpPIz7ZTbUrWA1pXDqNe
pNZnxz6uRIW2qCof09D4jxdev7n4FzjZ0ugWY5wbb9alkJlqp59UTku+Oa+V47V6
yf4pl3CW2YSN1sB0roX4GY2K/UWa2I3cbllOIUFvBjXhWcm+b7qSmWkaY5O5yzrC
zqh53KqSekcaQch+NVJibs71kTK1O5iOX9H4Oa69VCkhJXtaex6ZUSfwIrSv+vVl
iJ6qH6LBYqF4hMg3QgkE/p2MEey4vOzBmOAp7CkL0IuZingFzIHu7mPIgc2wgxDz
UvwK68hT7kZkRt501rELT4OwLJhIx9xth7DC/Rj1dhyGpZWZiGVgu1MRvziCIcrk
di/yhTNQrcJGJCVf8oWH3tPkedaUNRBaksZNcNhbe5Gyes/rBBDPmmlmTR9AMcyG
+Bl7nf3jfOM7UsVXOcyqEXDiuYpInmrbkkk2BRv8PxmvfI0Y3qW2Zk3RVNY7ZNb/
8sSOVGD+BTmygUlYS07mwY1q3aWpBdBFTSEKa5pU/w3ZZtSPARj9+SfTLNLjeTLm
UgTthE3SqHTMrJtWCsGmvGTR73PYcthQXqvJkCUTHA/mYtEOTkG7eKfiXyJytMz8
QeUvM1NtSkDT6ypGGmRn
=+ApG
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list