SHA-1 recommendations
David Shaw
dshaw at jabberwocky.com
Tue May 19 03:49:02 CEST 2009
On May 18, 2009, at 8:55 PM, Robert J. Hansen wrote:
> David Shaw wrote:
>> I'm not sure I follow where you're going with this. What code change
>> would be necessary? GPG already interprets the preferences in ranked
>> order.
>
> As I understood the proposal, even if a user put SHA-1 at the top of
> their preflist, we should consider it to be dropped to the bottom. That
> would necessitate some changing to the code. Of course, it's possible
> that I'm misunderstanding either or both of the proposal and the
> code. :)

Ah. I thought Daniel was proposing that we just change the default
hash preferences on new keys to something that puts SHA-2 before
SHA-1. Possibly I missed a message somewhere. I didn't see the
other proposal.

It's not particularly difficult to do this, and we already do
something similar for MD5. If the algorithm selection happens to
settle on MD5, we silently swap in SHA-1 instead. If the user
explicitly chooses MD5 (either via digest-algo or by putting it in
their personal-digest-prefs), then the conclusion is that they really
meant to pick MD5 and so MD5 is used.

I don't think we're at the point of wanting to do this for SHA-1,
though.

David
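
The MD5 handling described in the message above, as an added example that is not part of the original post and is not GnuPG source code: a simplified model showing an implicit MD5 result being swapped for SHA-1 while an explicit choice is honoured. The function names, the rank-sum tie-breaking rule, the no-overlap fallback and the sample preference lists are assumptions made for illustration.

```python
# Added illustration: a simplified model of the behaviour described in the
# message above. Not GnuPG source code; all names here are hypothetical.

WEAK = "MD5"          # never picked implicitly
REPLACEMENT = "SHA1"  # swapped in when selection settles on WEAK

# Constructed sample preference lists (ranked, most preferred first).
OLD_KEY = ["MD5", "SHA1", "RIPEMD160"]
NEW_KEY = ["SHA256", "SHA1", "MD5"]


def common_algos(recipient_prefs):
    """Algorithms every recipient key lists, kept in the first key's order."""
    if not recipient_prefs:
        return []
    first, rest = recipient_prefs[0], recipient_prefs[1:]
    return [a for a in first if all(a in prefs for prefs in rest)]


def select_digest(recipient_prefs, digest_algo=None, personal_digest_prefs=()):
    """Return (algorithm, explicit) for a message to the given recipients.

    recipient_prefs: one ranked list of hash names per recipient key.
    digest_algo / personal_digest_prefs: model the two user settings named
    in the message; either one counts as an explicit choice.
    """
    if digest_algo:
        return digest_algo, True        # forced by the user, MD5 included

    usable = common_algos(recipient_prefs)

    for algo in personal_digest_prefs:  # the user's own ranking comes first
        if algo in usable:
            return algo, True           # MD5 here was asked for, so keep it

    if not usable:
        return REPLACEMENT, False       # assumption: no overlap falls to SHA1

    # Assumption: lowest summed rank across recipients wins; ties keep the
    # first key's order.
    best = min(usable, key=lambda a: sum(p.index(a) for p in recipient_prefs))
    if best == WEAK:
        best = REPLACEMENT              # silent swap: selection settled on MD5
    return best, False
```
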