SHA-1 recommendations

David Shaw dshaw at
Tue May 19 03:49:02 CEST 2009

On May 18, 2009, at 8:55 PM, Robert J. Hansen wrote:

> David Shaw wrote:
>> I'm not sure I follow where you're going with this.  What code change
>> would be necessary?  GPG already interprets the preferences in ranked
>> order.
> As I understood the proposal, even if a user put SHA-1 at the top of
> their preflist, we should consider it to be dropped to the bottom.   
> That
> would necessitate some changing to the code.  Of course, it's possible
> that I'm misunderstanding either or both of the proposal and the  
> code.  :)

Ah.  I thought Daniel was proposing that we just change the default  
hash preferences on new keys to something that puts SHA-2 before  
SHA-1.    Possibly I missed a message somewhere.  I didn't see the  
other proposal.

It's not particularly difficult to do this, and we already do  
something similar for MD5.  If the algorithm selection happens to  
settle on MD5, we silently swap in SHA-1 instead.  If the user  
explicitly chooses MD5 (either via digest-algo or by putting it in  
their personal-digest-prefs), then the conclusion is that they really  
meant to pick MD5 and so MD5 is used.

I don't think we're at the point of wanting to do this for SHA-1,  


More information about the Gnupg-devel mailing list