SHA-1 recommendations

David Shaw dshaw at
Mon May 18 19:31:32 CEST 2009

On May 18, 2009, at 11:38 AM, Daniel Kahn Gillmor wrote:

> On 05/17/2009 10:20 PM, David Shaw wrote:
>> I see no conflict in the RFC:  the list is ordered, and a random
>> selection is perfectly conformant.
> i just re-read that bit of the RFC, and while it's somewhat vague, i
> think a reasonable interpretation is that it is indeed intended to  
> be an
> ordered, exhaustive list of algorithms supported, with most-preferred
> algorithms listed first.  The relevant bits are:

I agree with you, except for the "exhaustive" part.  I see no wording  
that states or even suggests that all possible algorithms supported  
need to be listed.

I list algorithms that I like, in the order in which I like them.   
That's it.  If I leave an algorithm off, that means either I don't  
like it or it doesn't exist in my implementation.  For example, I'm  
running a recent GPG, so I could have any combination of 3DES, CAST5,  
BLOWFISH, AES, AES192, AES256, and TWOFISH.  If I was to make a brand  
new key, I'd probably just list AES and 3DES (and maybe Camellia).  I  
don't "prefer" the others.


More information about the Gnupg-devel mailing list