SHA1 being used despite public key preferences

David Shaw dshaw at jabberwocky.com
Fri Oct 29 21:57:08 CEST 2010


On Oct 21, 2010, at 5:16 AM, smu johnson wrote:

> On Wed, Oct 20, 2010 at 6:50 PM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>
> The problem comes from saying, "well, Bruce says…".
> 
> A good argument stands on its own legs: it doesn't rely on any external authority for its soundness.  A lot of people in the crypto community are extraordinarily sensitive to what's called "appeal to authority" — since this one person says so, it must be so.  It's far better to give an argument that stands on its own, rather than appeal to "it's what Bruce says."
> 
> 
> Two things.  First, "Bruce says..." was meant to be sort of like a bibliography, when you try to find experts in the field who have said the same things you are saying.  Usually it's good to give a bit of evidence for some of the arguments you are making.  It is at least a better argument than me writing to the list without anything to back it up.  So, I quoted some stuff Bruce said.  Would you go around telling people who have citations in bibliographic form that "A good argument stands on its own legs: it doesn't rely on any external authority for its soundness."?
> 
> Second thing:  I already gave a good argument.  Let's forget what Bruce said.  And forget that I gave him as a source.  Let's go back to the basic message:  SHA-1 is broken.  It has been public knowledge for 5 years, and 2 years ago, a better attack was published.  That is the basis for this whole thread, more or less.  Ignore everything else I've said, except this one thing: SHA-1 is broken.

I've made the change.  Incidentally, this was already true for GnuPG 2.0.  1.4 now matches the 2.0 behavior of not having any default for personal-digest-preferences.

While I was in there, I also made a small change in how MD5 is handled.  Previously, if the algorithm selection ran and ended up with MD5 as the winning algorithm, GnuPG would replace it with SHA-1 (if available).  Now, as long as there is at least one other digest available, MD5 is simply removed from the available algorithm list.  This means that the next-highest ranked algorithm will be chosen, instead of forcing it to SHA-1.

David
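The digest-selection change described in the message above, as an added illustrative model. This is not GnuPG's code: the ranking rule (intersect the recipients' preference lists, order by the sender's personal-digest-preferences or, with none set, by the first recipient's order), the "available" set of locally implemented digests, and the None fallback when nothing is common are simplifying assumptions.

```python
# Illustrative model of the MD5 handling change, old behaviour beside new.
# Not GnuPG's code; ranking rule and fallback are assumptions (see lead-in).

MD5, SHA1, SHA256, SHA512 = 1, 2, 8, 10          # OpenPGP hash algorithm IDs
NAME = {MD5: "MD5", SHA1: "SHA1", SHA256: "SHA256", SHA512: "SHA512"}

def rank(personal_prefs, recipients):
    """Digests every recipient lists, ordered by the sender's
    personal-digest-preferences; with no personal preferences set,
    the first recipient's order is used (assumption)."""
    common = set(recipients[0])
    for prefs in recipients[1:]:
        common &= set(prefs)
    order = personal_prefs or recipients[0]
    return [alg for alg in order if alg in common]

def select_old(personal_prefs, recipients, available):
    """Pre-change: run the selection over the digests this implementation
    has; if MD5 comes out on top, force SHA-1 (when SHA-1 is available)."""
    ranked = [a for a in rank(personal_prefs, recipients) if a in available]
    if not ranked:
        return None                      # nothing in common (assumed fallback)
    winner = ranked[0]
    if winner == MD5 and SHA1 in available:
        winner = SHA1
    return winner

def select_new(personal_prefs, recipients, available):
    """Post-change: as long as at least one other digest is available, MD5
    is removed from the available list first, so the next-highest ranked
    digest wins instead of being forced to SHA-1."""
    usable = set(available)
    if len(usable) > 1:
        usable.discard(MD5)
    ranked = [a for a in rank(personal_prefs, recipients) if a in usable]
    return ranked[0] if ranked else None

if __name__ == "__main__":
    # Constructed scenario: sender has no personal-digest-preferences set
    # (the new 1.4 default); both recipients rank MD5 first, SHA-256 second.
    recips = [[MD5, SHA256, SHA1], [MD5, SHA256, SHA512]]
    avail = {MD5, SHA1, SHA256, SHA512}
    print("old:", NAME[select_old([], recips, avail)])   # SHA1
    print("new:", NAME[select_new([], recips, avail)])   # SHA256
```

With only MD5 implemented locally, both variants still return MD5, matching the "at least one other digest available" condition in the message.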
