Weaknesses in SHA-1, gnupg dev versions

Thomas Schorpp t.schorpp at gmx.de
Wed Sep 22 21:24:27 CEST 2004

Hash: SHA1

David Shaw wrote:
| On Tue, Sep 21, 2004 at 09:59:28PM -0500, Alan S. Jones wrote:

| I'm not sure what you mean here - these are hash algorithms.  You
| don't create a key using them.

i would like sha512 too for better protection of my passphrase(?).
sorry, i cant afford helping implementing crypto-algorithms in gnupg.

|>On a side note I know that the 1.3.x series will become the new
|>stable 1.4.  However I was wondering when we would see the first
|>builds that actually said 1.4 come along?  I figure we will see a
|>much more use of that build series when it actually says 1.4.
| It won't be long now.

BTW, have i missed a newer dev-release than 1.3.6, ive seen the trust
stepping 1-3 was out and "problems" signing keys...?
ill not try cvs due to possible security hazard, since im doing "near
production" field tests with the openpgp testcard.
are there any newly known security issues and scenarios with >=1.3.6 non
ägypten versions?

if theres no official "security quality cycle" in this dev process, i
suggest cryptology specialists involved attacking my test key with
target "signature reproducal", etc.

since i can see a lot of keys without foreign signatures around, the
whole trust system should become "suspect" in future ;)

| David


Version: GnuPG v1.3.6 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org


More information about the Gnupg-devel mailing list