SHA-1 recommendations

Daniel Kahn Gillmor dkg at
Tue May 19 06:59:29 CEST 2009

On 05/18/2009 09:49 PM, David Shaw wrote:
> On May 18, 2009, at 8:55 PM, Robert J. Hansen wrote:
>> As I understood the proposal, even if a user put SHA-1 at the top of
>> their preflist, we should consider it to be dropped to the bottom.  That
>> would necessitate some changing to the code.  Of course, it's possible
>> that I'm misunderstanding either or both of the proposal and the
>> code.  :)
> Ah.  I thought Daniel was proposing that we just change the default hash
> preferences on new keys to something that puts SHA-2 before SHA-1.   
> Possibly I missed a message somewhere.  I didn't see the other proposal.

All i had proposed in this particular point was changing the value of
default-preference-list to:

 SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1

I'm *not* proposing any other changes to default-preference-list.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090519/e3fd75af/attachment.pgp>

More information about the Gnupg-devel mailing list