SHA1 being used despite public key preferences

Robert J. Hansen rjh at
Wed Oct 20 23:48:00 CEST 2010

On 10/20/2010 4:57 PM, John Clizbe wrote:
> One other little thing I got from our IETF friend Jeff: MD5 and SHA1
> are both hard-wired into a BUNCH of silicon as well as required by a
> lot of protocols. THAT is the sort of change that will require
> decades.

As another example, MD5 is still /the/ hash algorithm of choice for
digital forensics.  There are a ton of judicial opinions recognizing
MD5's capabilities, and so far none recognizing its limitations -- so if
you want to present evidence ("the images found on the defendant's hard
drive matched MD5s of images in the National Exploited Children Imagery
Database"), you do it with MD5.

There's some push afoot to move to SHA256, but this is being heavily
resisted by prosecutors.  Their attitude is simple: why should they risk
a conviction on introducing a new kind of digital evidence in court,
when they can use an older and more accepted method that has exactly
zero opinions advising against its use?

I often hear people talk about the need for pragmatism, but really, we
have to be even more pragmatic than that.  We have to be wise enough to
balance *our* pragmatic concerns with *our users'* pragmatic concerns.
The two will rarely be identical, but if we're lucky we can find
solutions that target both.
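As an added illustration of the evidence-matching workflow Robert describes (this is example code written for this page, not anything from GnuPG or from the forensic tools in question), the script below computes MD5 and SHA-256 side by side in one pass over the data and matches the result against a constructed reference list in which older entries carry only an MD5 while newer ones carry both. Recording both digests at imaging time is one way to serve both pragmatic concerns at once: the MD5 can be presented today, and the SHA-256 is already on record for the day the courts accept it. The reference entries, sample file contents and entry identifiers are all constructed for the example.

```python
import hashlib

# Algorithms computed side by side: MD5 because it is the digest courts
# currently recognise, SHA-256 so the same evidence can later be presented
# under the stronger algorithm without re-imaging the media.
ALGORITHMS = ("md5", "sha256")
CHUNK = 64 * 1024


def multi_digest(data, algorithms=ALGORITHMS):
    """Compute every requested digest with a single pass over `data`."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    view = memoryview(data)
    for start in range(0, len(view), CHUNK):
        piece = view[start:start + CHUNK]
        for h in hashers.values():
            h.update(piece)
    return {name: h.hexdigest() for name, h in hashers.items()}


# Constructed sample file contents standing in for files carved from an image.
SAMPLE_KNOWN = b"constructed sample: contents of a file in the current reference list"
SAMPLE_LEGACY = b"constructed sample: a file recorded only in the old MD5-only list"
SAMPLE_UNKNOWN = b"constructed sample: a file that appears in no reference list"

# Constructed reference database (hypothetical identifiers). Legacy entries
# carry an MD5 only; entries added after the migration carry both digests.
REFERENCE_DB = [
    {"id": "REF-0001", **multi_digest(SAMPLE_KNOWN)},
    {"id": "REF-0002", "md5": multi_digest(SAMPLE_LEGACY)["md5"]},
]


def match_against_db(data, db=REFERENCE_DB):
    """Return (entry id, tuple of algorithms that matched) for the first
    reference entry sharing at least one digest with `data`, else (None, ())."""
    digests = multi_digest(data)
    for entry in db:
        matched = tuple(
            name for name in ALGORITHMS
            if name in entry and entry[name] == digests[name]
        )
        if matched:
            return entry["id"], matched
    return None, ()


def strongest_match(data, db=REFERENCE_DB):
    """Name the strongest algorithm under which `data` matched, so the examiner
    knows whether the match can be stated under SHA-256 or only under MD5."""
    _, matched = match_against_db(data, db)
    for name in reversed(ALGORITHMS):  # later entries in ALGORITHMS are stronger
        if name in matched:
            return name
    return None


def partial_match_suspicious(data, db=REFERENCE_DB):
    """True when an entry that records both digests matches on MD5 but not on
    SHA-256: the kind of inconsistency a collision would produce, and worth a
    note in the examiner's report rather than a silent MD5-only match."""
    digests = multi_digest(data)
    for entry in db:
        if all(name in entry for name in ALGORITHMS):
            md5_hit = entry["md5"] == digests["md5"]
            sha_hit = entry["sha256"] == digests["sha256"]
            if md5_hit and not sha_hit:
                return True
    return False


if __name__ == "__main__":
    for label, blob in (("known", SAMPLE_KNOWN), ("legacy", SAMPLE_LEGACY),
                        ("unknown", SAMPLE_UNKNOWN)):
        print(label, match_against_db(blob), strongest_match(blob))
```

A real workflow would read files in chunks rather than hold them in memory, but the one-pass, multi-algorithm pattern is the same: the cost of carrying the second digest is a few percent of CPU at imaging time, and it removes the need to touch the evidence again when the accepted algorithm changes.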

More information about the Gnupg-devel mailing list