Weaknesses in SHA-1, gnupg dev versions
t.schorpp at gmx.de
Wed Sep 22 21:24:27 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
David Shaw wrote:
| On Tue, Sep 21, 2004 at 09:59:28PM -0500, Alan S. Jones wrote:
| I'm not sure what you mean here - these are hash algorithms. You
| don't create a key using them.
i would like sha512 too for better protection of my passphrase(?).
sorry, i cant afford helping implementing crypto-algorithms in gnupg.
|>On a side note I know that the 1.3.x series will become the new
|>stable 1.4. However I was wondering when we would see the first
|>builds that actually said 1.4 come along? I figure we will see a
|>much more use of that build series when it actually says 1.4.
| It won't be long now.
BTW, have i missed a newer dev-release than 1.3.6, ive seen the trust
stepping 1-3 was out and "problems" signing keys...?
ill not try cvs due to possible security hazard, since im doing "near
production" field tests with the openpgp testcard.
are there any newly known security issues and scenarios with >=1.3.6 non
if theres no official "security quality cycle" in this dev process, i
suggest cryptology specialists involved attacking my test key with
target "signature reproducal", etc.
since i can see a lot of keys without foreign signatures around, the
whole trust system should become "suspect" in future ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-devel