SHA-1 recommendations
David Shaw
dshaw at jabberwocky.com
Tue May 19 01:29:06 CEST 2009
On May 18, 2009, at 6:19 PM, Robert J. Hansen wrote:
>> * re-order them in a clearly-stated way (i.e. commit to saying "gpg
>> interprets and produces the orderings as preferential, with most-
>> desired
>> first"), and explicitly, publically prefer digests from the SHA-2
>> family
>> over SHA-1.
>
> This would require a modification to the current code, which I would
> feel kind of bad about. I harped on the importance of considering the
> recipient's preferences for quite a while; finally, David was kind
> enough to change algorithm selection so that it works by a modified
> Borda count. We'd have to revisit that code, but I don't see as how
> it
> would be too difficult.
I'm not sure I follow where you're going with this. What code change
would be necessary? GPG already interprets the preferences in ranked
order.
David
More information about the Gnupg-devel
mailing list