SHA-1 recommendations

David Shaw dshaw at jabberwocky.com
Tue May 19 01:29:06 CEST 2009


On May 18, 2009, at 6:19 PM, Robert J. Hansen wrote:

>> * re-order them in a clearly-stated way (i.e. commit to saying "gpg
>> interprets and produces the orderings as preferential, with most- 
>> desired
>> first"), and explicitly, publically prefer digests from the SHA-2  
>> family
>> over SHA-1.
>
> This would require a modification to the current code, which I would
> feel kind of bad about.  I harped on the importance of considering the
> recipient's preferences for quite a while; finally, David was kind
> enough to change algorithm selection so that it works by a modified
> Borda count.  We'd have to revisit that code, but I don't see as how  
> it
> would be too difficult.

I'm not sure I follow where you're going with this.  What code change  
would be necessary?  GPG already interprets the preferences in ranked  
order.

David




More information about the Gnupg-devel mailing list