un-trusting MD5 in gpg
Werner Koch
wk at gnupg.org
Mon May 4 19:41:17 CEST 2009
On Mon, 4 May 2009 16:46, dshaw at jabberwocky.com said:
> might want to do something more surgical and just block MD5
> verification for the OpenPGP operations (though completely removing
> the hash has the appeal of simplicity).
In fact if you run GPG-2 with libgcrypt in Enforced FIPS mode, this is
already the case. The drawback is that you won't have Elganmal either.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-devel
mailing list