SHA1 being used despite public key preferences

David Shaw dshaw at
Fri Oct 29 21:57:08 CEST 2010

On Oct 21, 2010, at 5:16 AM, smu johnson wrote:

> On Wed, Oct 20, 2010 at 6:50 PM, Robert J. Hansen <rjh at> wrote:
> The problem comes from saying, "well, Bruce says…".
> A good argument stands on its own legs: it doesn't rely on any external authority for its soundness.  A lot of people in the crypto community are extraordinarily sensitive to what's called "appeal to authority" — since this one person says so, it must be so.  It's far better to give an argument that stands on its own, rather than appeal to "it's what Bruce says."
> Two things.  First, "Bruce says.." was meant to be sort of like a bibliography, when you try to find experts in the field who have said the same things you are saying.  Usually it's good to give a bit of evidence for some of the arguments you are making.  It is at least a better argument than me writing to the list without anything to back it up.  So, I quoted some stuff Bruce said.  Would you go around telling people who have citations in bibliographic form that "A good argument stands on its own legs: it doesn't rely on any external authority for its soundness."?
> Second thing:  I already gave a good argument.  Let's forget what Bruce said.  And forget that I gave him as source.   Let's go back to the basic message:  SHA-1 is broken.  It has been public knowledge for 5 years, and 2 years ago, a better attack was published.  That is the basis for this whole thread, more or less. Ignore everything else I've said, except this one thing: SHA-1 is broken.

I've made the change.  Incidentally, this was already true for GnuPG 2.0.  1.4 now matches the 2.0 behavior of not having any default for personal-digest-preferences.

While I was in there, I also made a small change in how MD5 is handled.  Previously, if the algorithm selection ran and ended up with MD5 as the winning algorithm, GnuPG would replace it with SHA-1 (if available).  Now, as long as there is at least one other digest available, MD5 is simply removed from the available algorithm list.  This means that the next-highest ranked algorithm will be chosen, instead of forcing it to SHA-1.


More information about the Gnupg-devel mailing list