Weaknesses in SHA-1, gnupg dev versions
Thomas Schorpp
t.schorpp at gmx.de
Wed Sep 22 21:24:27 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Shaw wrote:
| On Tue, Sep 21, 2004 at 09:59:28PM -0500, Alan S. Jones wrote:
|
| I'm not sure what you mean here - these are hash algorithms. You
| don't create a key using them.
|
i would like sha512 too for better protection of my passphrase(?).
sorry, i cant afford helping implementing crypto-algorithms in gnupg.
|
|>On a side note I know that the 1.3.x series will become the new
|>stable 1.4. However I was wondering when we would see the first
|>builds that actually said 1.4 come along? I figure we will see a
|>much more use of that build series when it actually says 1.4.
|
|
| It won't be long now.
BTW, have i missed a newer dev-release than 1.3.6, ive seen the trust
stepping 1-3 was out and "problems" signing keys...?
ill not try cvs due to possible security hazard, since im doing "near
production" field tests with the openpgp testcard.
are there any newly known security issues and scenarios with >=1.3.6 non
ägypten versions?
if theres no official "security quality cycle" in this dev process, i
suggest cryptology specialists involved attacking my test key with
target "signature reproducal", etc.
since i can see a lot of keys without foreign signatures around, the
whole trust system should become "suspect" in future ;)
|
| David
|
Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iQCVAwUBQVHRaGqsze5HSzyoAQKseQQArwXQvmVR3w5B++vVcWKKLWWQKVOaXWoN
88I/LoRs37IrmRxsl4wbIC6WsHvVdCqKS87yq0gdLxsjC9WVU6JJ8IgVJvSpGofg
NCS4W3rhoEeVOjZ5n+r2IwuFh/7Y+K6Y2FNwFO45OOyB5QtK52miAXQ+Z6LqDfks
HNohRbjMVCc=
=z7E0
-----END PGP SIGNATURE-----
More information about the Gnupg-devel
mailing list